[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 2/2] services: Add 'dropbear-service'.

From: Leo Famulari
Subject: Re: [PATCH 2/2] services: Add 'dropbear-service'.
Date: Sat, 9 Jul 2016 14:32:06 -0400
User-agent: Mutt/1.6.0 (2016-04-01)

On Sat, Jul 09, 2016 at 04:39:02PM +0200, David Craven wrote:
> Yeah, I should have better said I don't know instead of talking out of my ass.

That's harsh! I'm not an expert either, but I have begun trying to
understand the assumptions that programs like SSH daemons make in their
security model. In some cases, they assume that /dev/urandom has been
properly seeded, which it typically is not after first boot.

> All I can really do is trust that the people who write security
> related code know what they are doing.

Right, but like I said above, we must make an effort to know the
assumptions they are making about the system.

> Is there anything else holding this up?

I'm not the best person to review new services — they are still a little
over my head. At least, I should not be the sole reviewer.

In the meantime, can you provide an OS declaration (config.scm) that
makes use of dropbear-service so we can easily test it?

I'd like for this to become standard practice when new services are
submitted for review.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]