Attention is currently required from: neels.
Patch set 2:Code-Review -1
7 comments:
Commit Message:
This is useful for user interaction, to prefill an input field that
indicates a valid input to modify to taste.
I beg to differ. Filling default values is dangerous as it makes the form validate without the user having provided reasonable input to all of them.
In other words, having default values is likely to make it easy for users to personalize profiles with something they don't want?
It might depend on the actual parameter, but for sure something like IMSI or K/OPc should never have a default, as there is no reasonable default that is true for most use cases. Those are always individual...
File pySim/esim/saip/personalization.py:
Patch Set #2, Line 278: default_value
there's no point of an all-zero default ICCID.
I also think there's no point in having a default for the IMSI
Patch Set #2, Line 467: default_value = '0' * allow_len
I'm not sure why any security key / pin should have any default value at all. This seems more like its introducing a security issue as anyone not explicitly setting a PUK would get 00000000 instead of a warning/error/exception?
Patch Set #2, Line 494: default_value = '0' * max_len
same here
Patch Set #2, Line 565: default_value = 1 # Milenage
here I agree that a default actually does make sense.
Patch Set #2, Line 582: default_value = '00' * allow_len
no cryptographic key should have any default value. It's just creating security nightmares.
To view, visit change 40094. To unsubscribe, or for help writing mail filters, visit settings.