[S] Change in pysim[master]: personalization: set default values

Attention is currently required from: neels. laforge has posted comments on this change by neels. ( https://gerrit.osmocom.org/c/pysim/+/40094?usp=email ) Change subject: personalization: set default values ...................................................................... Patch Set 2: Code-Review-1 (7 comments) Commit Message: https://gerrit.osmocom.org/c/pysim/+/40094/comment/02406a05_f38afaab?usp=em… : PS2, Line 11: This is useful for user interaction, to prefill an input field that : indicates a valid input to modify to taste. I beg to differ. Filling default values is dangerous as it makes the form validate without the user having provided reasonable input to all of them. In other words, having default values is likely to make it easy for users to personalize profiles with something they don't want? It might depend on the actual parameter, but for sure something like IMSI or K/OPc should never have a default, as there is no reasonable default that is true for most use cases. Those are always individual... File pySim/esim/saip/personalization.py: https://gerrit.osmocom.org/c/pysim/+/40094/comment/dc3446be_48aa8fe5?usp=em… : PS2, Line 278: default_value there's no point of an all-zero default ICCID. https://gerrit.osmocom.org/c/pysim/+/40094/comment/36215e1a_5cff6661?usp=em… : PS2, Line 299: I also think there's no point in having a default for the IMSI https://gerrit.osmocom.org/c/pysim/+/40094/comment/decfdbb0_d7ea037e?usp=em… : PS2, Line 467: default_value = '0' * allow_len I'm not sure why any security key / pin should have any default value at all. This seems more like its introducing a security issue as anyone not explicitly setting a PUK would get 00000000 instead of a warning/error/exception? https://gerrit.osmocom.org/c/pysim/+/40094/comment/d1fe8be5_64b46f16?usp=em… : PS2, Line 494: default_value = '0' * max_len same here https://gerrit.osmocom.org/c/pysim/+/40094/comment/1382f00c_548564dc?usp=em… : PS2, Line 565: default_value = 1 # Milenage here I agree that a default actually does make sense. https://gerrit.osmocom.org/c/pysim/+/40094/comment/16919990_827bb8c0?usp=em… : PS2, Line 582: default_value = '00' * allow_len no cryptographic key should have any default value. It's just creating security nightmares. -- To view, visit https://gerrit.osmocom.org/c/pysim/+/40094?usp=email To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings?usp=email Gerrit-MessageType: comment Gerrit-Project: pysim Gerrit-Branch: master Gerrit-Change-Id: I2672fedcbc32cb7a6cb0c233a4a22112bd9aae03 Gerrit-Change-Number: 40094 Gerrit-PatchSet: 2 Gerrit-Owner: neels <nhofmeyr(a)sysmocom.de> Gerrit-Reviewer: Jenkins Builder Gerrit-Reviewer: laforge <laforge(a)osmocom.org> Gerrit-Attention: neels <nhofmeyr(a)sysmocom.de> Gerrit-Comment-Date: Tue, 22 Apr 2025 08:41:26 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: Yes