#nixos-security on 2018-09-04

17:39 {`-`} has joined #nixos-security

17:51 <pie__> would it be appropriate to default this to off on a nixos level? https://blog.powerdns.com/2018/09/04/on-firefox-moving-dns-to-a-third-party/

17:52 <pie__> i guess probably not?

17:52 <pie__> (assuming it goes through)

17:54 <gchristensen> probably not, we have to keep it to be standard with upstream to call it Firefox

18:35 <andi-> We could add an unbranded "secure" Firefox in addition.. But not sure that would be maintained.

20:45 <andi-> pie__: have you tought about using a group policies like thing for those settings? I've never done that but supposedly such mechanisms exist.. if we would allow users (without the defaults?) to configure it system wide that should be fine?

20:46 <pie__> andi-, idk about group policies but i know windows has stuff like that

20:46 <pie__> i would like it if nix(os/pkgs) had more functionality for configuring end user apps

20:47 <pie__> probably falls in the scope of nix-home or whatsit

20:47 <pie__> gchristensen, hm.

20:47 <andi-> https://github.com/mozilla/policy-templates/blob/master/README.md

20:48 <andi-> I think system wide defaults could be part of nixos

20:51 <andi-> But even then I'd probably not be happy with disabling it by default.. it feels like a cheap hack around their policies?

21:16 <pie__> idk *shrug* :/

21:16 <pie__> well, maybe nixpkgs needs a "paranoid" "branch"

21:16 <pie__> :P

21:16 <pie__> drop some qubesOS stuff in there, etc etc

21:16 <pie__> that would be nice

21:17 <pie__> </offtopic>

23:39 {^_^} has quit [Remote host closed the connection]

23:39 {^_^} has joined #nixos-security