From mboxrd@z Thu Jan  1 00:00:00 1970
From: Leo Famulari <leo@famulari.name>
Subject: Re: [PATCH 2/2] services: Add 'dropbear-service'.
Date: Sat, 9 Jul 2016 14:32:06 -0400
Message-ID: <20160709183206.GE2010@jasmine>
References: <20160704205616.11599-1-david@craven.ch>
	<20160704205616.11599-2-david@craven.ch>
	<20160707172517.GA5283@jasmine>
	<CAL1_imm_usAMVg+6A4hgCAd4hFqVp82Wm8o6B3_htuKZj=+J_A@mail.gmail.com>
	<CAL1_imngQYMNaQJ6c=P7=wrRwXy0XJt2S=g2msf_ojnT8LNVRA@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
Return-path: <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:33239)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <leo@famulari.name>) id 1bLx37-0005Rs-Kk
	for guix-devel@gnu.org; Sat, 09 Jul 2016 14:32:22 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <leo@famulari.name>) id 1bLx33-0007Ic-JM
	for guix-devel@gnu.org; Sat, 09 Jul 2016 14:32:21 -0400
Received: from out4-smtp.messagingengine.com ([66.111.4.28]:49719)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <leo@famulari.name>) id 1bLx32-0007IF-DK
	for guix-devel@gnu.org; Sat, 09 Jul 2016 14:32:17 -0400
Content-Disposition: inline
In-Reply-To: <CAL1_imngQYMNaQJ6c=P7=wrRwXy0XJt2S=g2msf_ojnT8LNVRA@mail.gmail.com>
List-Id: "Development of GNU Guix and the GNU System distribution."
	<guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-devel/>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=subscribe>
Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
Sender: "Guix-devel" <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
To: David Craven <david@craven.ch>
Cc: guix-devel@gnu.org

On Sat, Jul 09, 2016 at 04:39:02PM +0200, David Craven wrote:
> Yeah, I should have better said I don't know instead of talking out of my ass.

That's harsh! I'm not an expert either, but I have begun trying to
understand the assumptions that programs like SSH daemons make in their
security model. In some cases, they assume that /dev/urandom has been
properly seeded, which it typically is not after first boot.

> All I can really do is trust that the people who write security
> related code know what they are doing.

Right, but like I said above, we must make an effort to know the
assumptions they are making about the system.

> Is there anything else holding this up?

I'm not the best person to review new services — they are still a little
over my head. At least, I should not be the sole reviewer.

In the meantime, can you provide an OS declaration (config.scm) that
makes use of dropbear-service so we can easily test it?

I'd like for this to become standard practice when new services are
submitted for review.