bug-guix


bug#47823: Hardenize Guix website TLS/DNS


From: bo0od
Subject: bug#47823: Hardenize Guix website TLS/DNS
Date: Tue, 25 May 2021 12:51:29 +0000

Then don't use systemd to do that. There are many other methods/tools to achieve having it.

Marius Bakke:
Julien Lepiller <julien@lepiller.eu> writes:

On 16 April 2021 12:15:25 GMT-04:00, Leo Famulari <leo@famulari.name> wrote:
On Fri, Apr 16, 2021 at 11:00:05AM +0000, bo0od wrote:
Scanning Guix website gave many missing security features which modern security needs to be available:

* TLS and DNS:

looking at:

https://www.hardenize.com/report/guix.gnu.org/1618568751

https://www.ssllabs.com/ssltest/analyze.html?d=guix.gnu.org

Thanks!

- DNS: DNSSEC support missing (important)

Hm, is it important? My impression is that it's an idea whose time has
passed without significant adoption.

But maybe we could enable it if the costs are not too great.

gnu.org does not have dnssec, so we'd need them to work on that first.

gnu.org used to have DNSSEC, but disabled it because it gave NXDOMAIN
on machines with systemd-resolved:

   https://github.com/systemd/systemd/issues/9867





