[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

debian.net domains: opening up the LDAP dnsZoneEntry attribute

Dear all,
  the *.debian.net domains [1] are a useful resource that allow Debian
Developers to set up services under a debian-ish namespace. We routinely
use it to experiment with services before transferring them to the
official Debian infrastructure (debian.org) managed by DSA.  I remind
you that documentation on how to register debian.net entries is
available at [2].

[1] http://wiki.debian.org/DebianDotNet
[2] https://db.debian.org/doc-mail.html

Up to now, the information about registered debian.net entries has been
easily accessible via LDAP only to Debian Developers. The wiki index [1]
attempts to mitigate that, but it is doomed to be incomplete and out of
date. That is unfortunate. Also, there seems to be no useful reason to
keep that list non-public.

After discussion on -devel [3,4] we --- as in: DSA and myself --- have
decided to open up the list of debian.net entries. The dnsZoneEntry LDAP
attribute, currently only queryable from debian.org machines, will be
made publicly accessible.

[3] http://lists.debian.org/debian-devel/2012/03/msg00123.html
[4] http://lists.debian.org/debian-devel/2012/03/msg00167.html

It will then become easy (and legitimate) for everyone to query those
data and, for instance, publish a complete index of debian.net entries
together with entry <-> registrant associations.

As the attribute used to be private, the change will happen *1 month
from now*. In case you who were relying on that information to remain
private, that should give you enough time to clean it up. (Note also
that the data stored in the dnsZoneEntry attribute already generates
public information in the form of DNS RRs; the forthcoming change will
simply make it easier to access for legitimate use.)

Stefano Zacchiroli     zack@{upsilon.cc,pps.jussieu.fr,debian.org} . o .
Maître de conférences   ......   http://upsilon.cc/zack   ......   . . o
Debian Project Leader    .......   @zack on identi.ca   .......    o o o
« the first rule of tautology club is the first rule of tautology club »

Attachment: signature.asc
Description: Digital signature

Reply to: