bug-guix

bug#47823: Hardenize Guix website TLS/DNS


From: Marius Bakke
Subject: bug#47823: Hardenize Guix website TLS/DNS
Date: Mon, 24 May 2021 23:36:40 +0200

Julien Lepiller <julien@lepiller.eu> writes:

> On 16 April 2021 12:15:25 GMT-04:00, Leo Famulari <leo@famulari.name> wrote:
>>On Fri, Apr 16, 2021 at 11:00:05AM +0000, bo0od wrote:
>>> Scanning Guix website gave many missing security features which modern
>>> security needs them to be available:
>>> 
>>> * TLS and DNS:
>>> 
>>> looking at:
>>> 
>>> https://www.hardenize.com/report/guix.gnu.org/1618568751
>>> 
>>> https://www.ssllabs.com/ssltest/analyze.html?d=guix.gnu.org
>>
>>Thanks!
>>
>>> - DNS: DNSSEC support missing (important)
>>
>>Hm, is it important? My impression is that it's an idea whose time has
>>passed without significant adoption.
>>
>>But maybe we could enable it if the costs are not too great.
>
> gnu.org does not have dnssec, so we'd need them to work on that first.

gnu.org used to have DNSSEC, but disabled it because it gave NXDOMAIN
on machines with systemd-resolved:

  https://github.com/systemd/systemd/issues/9867
