(address . submit@debbugs.gnu.org)
Package: guix
Version: 0.16.0
Severity: wishlist
In a disk-image the ssh host keys are generated anew every time the
system boots. This is a significant security issue - the unknown host
warnings will cause notification blindness and users won't recognize if
the host is legitimately compromised.
There's a workaround involving mounting the disk image (losetup -fP &
mount) after building it and adding the files that way, but it requires
a patch to the openssh service activation procedure to re-reset the file
permissions (they're set to 644 or something by an earlier statement).
I can submit my patch if there's interest.
This is a wishlist bug though since it requires a method to add files
with sensitive contents to the system, which I made another ticket for
(35459).