Re: avahi-daemon
(This reply was started some days ago, but I thought it might be best
to wait a little before responding to you. Besides, I took some time
to document myself on some of the issues you mentionned.)
Hi,
On Wed, Feb 22, 2006, Michael Stone wrote:
> >(nss-mdns does mdns too, but it's not related to avahi)
> Package: avahi-daemon
> Recommends: libnss-mdns
> The dependency chains here get a little scary.
Indeed, but it's even worse! avahi-daemon recommends libnss-mdns which
recommends zeroconf. However, both Recommends are bogus. There's a
bug against the second one, and I talked a little with Sjoerd on the
first one, and it seems it's not required either, it's more of
something until we get a mdns task.
So yes, you're correct, this is a scary dependency, which shouldn't be
there. Nor the libnss-mdns dependency on zeroconf shouldn't be there
(it should be the other way around actually).
And zeroconf is a software which is known to cause some trouble in
existing network configurations (not avahi alone).
> >From a security point of view, everything feature introduce risk. If
> >you base all you reasonning on security, that is if you make security
> >rule number 1, you get zero feature.
> And if you introduce questionable features with huge security
> implications without thinking them through you get a real mess which is
> going to take a lot of work down the road to clean up. There's a real
> danger inherent in focusing on a particular bit of functionality and
> ignoring its larger implications, *especially* in a project as large as
> debian.
If music sharing is a questionable feature to you, you don't need to
discuss this further, you're obviously the security guy, talking in
debian-security@ of stuff he doesn't want to support security-wise, and
don't want to see running on his server. Would this discussion happen
on a multimedia list, the situation would be kind of the opposite, and
people would be shouting loud if that wasn't pulled in by default.
The rest of your point is simply too fuzzy to discuss any further,
you're being too general sorry.
> >You can't take the decision to remove a feature because most people
> >install GNOME for other reasons than that feature. Otherwise one would
> >use the same reasonning for all features in GNOME and remove them all.
> Your logic is frankly questionable. Anytime you start with a
> proposition like "making that decision equates to removing every
> possible feature" you're probably making a logical leap.
Probably, I certainly don't have to discuss all features as painfully
as this one. But there's no other way to get it, the point being in
not having any central server, you have to listen for requests. Any
other proposal to implement the functionality and interoperability with
iTunes is welcome.
Besides, the work is done quite cleanly with a chroot and a separate
user.
But sure, a small door has been opened which wasn't there before.
> I don't see any of those appearing on any network I maintain. I've now
> trumped your assertion with one of my own, do I win something?
That's outrageous, the fact you don't have anything on your network is
a real pity, it means you simply have no ground to talk on the feature
you want absolutely removed. I've seen a lot of types of shares while
browsing various networks, the latest of which were the networks of
geeks at FOSDEM: typically a mixture of feature-maniacs, and
security-paranoiacs. Surprisingly, lot's of stuff was advertized
there, ranging from music and file shares to SSH, HTTP, or SFTP
servers.
Will other people at FOSDEM confirm this? Just install the
service-discovery-applet and switch networks for a while.
> On any
> *managed* network I don't think that having stuff like this appear out
> of nowhere is particularly beneficial. On a small home network I'm not
> convinced it buys you anything because you're not generally dealing with
> enough stuff to need a service location solution. I'm sure its
> potentially very useful on geeky home networks with lots of systems and
> services, but I'm not sure that's a reasonable basis for a default
> configuration.
Right, people running Debian or Ubuntu at home are typically not
interested in sharing music between computers at home.
I completely agree with the managed network part, but in such a
network:
- would you have music players installed?
- wouldn't you filter out any other port than HTTP, HTTPS, and FTP?
Cheers,
--
Loïc Minier <lool@dooz.org>
Current Earth status: NOT DESTROYED
Reply to: