On Thu, Feb 11, 2021 at 07:46:51AM +0000, raid5atemyhomework via Bug reports for GNU Guix wrote: > Hi guix users, > > It strikes me that a better course of action here would be, rather than providing a warning that might not be noticed by the user, to remove the default and force people to explicitly put `password-authentication? #t` or `password-authentication? #f`. I like this idea. > > That way if I have set up a headless server (possibly having a temporary keyboard/mouse/monitor during initial install, then forever logging in afterwards over intranet using my super secret password "raid5isnotagooddog"), with an existing `configuration.scm` that does not explicitly give the setting, I cannot accidentally lose access to my headless server by doing a random `guix pull && sudo guix system reconfigure configuration.scm` without noticing the warning. > > Especially since there exists an `unattended-upgrades-service-type` which automates this `guix pull && sudo guix system reconfigure configuration.scm`, which makes changing this default ***VERY DANGEROUS*** in this use-case. I'd rather I noticeably error out in this case. I agree, changing the default will cause problems, and I'm not convinced it's a serious problem that warrants changing anyways.