Then dont use systemd to do that. There many other methods/tools to
achieve having it.
Marius Bakke:
Julien Lepiller <julien@lepiller.eu> skriver:
Le 16 avril 2021 12:15:25 GMT-04:00, Leo Famulari <leo@famulari.name> a écrit :
On Fri, Apr 16, 2021 at 11:00:05AM +0000, bo0od wrote:
Scanning Guix website gave many missing security features which
modern
security needs them to be available:
* TLS and DNS:
looking at:
https://www.hardenize.com/report/guix.gnu.org/1618568751
https://www.ssllabs.com/ssltest/analyze.html?d=guix.gnu.org
Thanks!
- DNS: DNSSEC support missing (important)
Hm, is it important? My impression is that it's an idea whose time has
passed without significant adoption.
But maybe we could enable it if the costs are not too great.
gnu.org does not have dnssec, so we'd need them to work on that first.
gnu.org used to have DNSSEC, but disabled it because it gave NXDOMAIN
on machines with systemd-resolved:
https://github.com/systemd/systemd/issues/9867