On Thu, Feb 11, 2021 at 07:46:51AM +0000, raid5atemyhomework via Bug reports for GNU Guix wrote: > Hi guix users, > > It strikes me that a better course of action here would be, rather than > providing a warning that might not be noticed by the user, to remove the > default and force people to explicitly put `password-authentication? #t` or > `password-authentication? #f`.
I like this idea. > > That way if I have set up a headless server (possibly having a temporary > keyboard/mouse/monitor during initial install, then forever logging in > afterwards over intranet using my super secret password > "raid5isnotagooddog"), with an existing `configuration.scm` that does not > explicitly give the setting, I cannot accidentally lose access to my headless > server by doing a random `guix pull && sudo guix system reconfigure > configuration.scm` without noticing the warning. > > Especially since there exists an `unattended-upgrades-service-type` which > automates this `guix pull && sudo guix system reconfigure configuration.scm`, > which makes changing this default ***VERY DANGEROUS*** in this use-case. I'd > rather I noticeably error out in this case. I agree, changing the default will cause problems, and I'm not convinced it's a serious problem that warrants changing anyways.
