
Re: bind9-chroot (was: questions on ITP)



On 28/09/01 Ethan Benson wrote:
> On Fri, Sep 28, 2001 at 10:15:09AM +0200, Christian Kurz wrote:
> > > let's not exaggerate, the only distribution i know that actually

> > Where am I exaggerating? I'm just describing the problem and how one
> > possible way to handle it would be.

> you are making grandiose claims that people will abandon debian in
> droves to use other distros if debian does not supply quick and
> automatic chroot options for bind.  i counter that the other

No, please reread my previous mails: I claim that people will abandon
debian if we only support chrooting bind via mount --bind and do not
offer an alternative, at least for users of kernel 2.2.x.

> distributions don't chroot bind by default nor offer chroot as an
> option, you have to do it manually.

Right, but is that a good reason to just support chroot for those
administrators running 2.4.x and not for mostly all administrators?

> so why would someone abandon debian if they have to do a chroot config
> manually under 2.2 kernels when they have to do it manually on all the
> other dists no matter what kernel they use?

At least I would be upset if I install a bind package which just offers
to chroot itself when I use kernel 2.4.x and not when I use a kernel
2.2.x. That would offend me and make me look for another distribution
where either I get full support for chrooting bind or completely do it
manually, independent from the kernel version.

> > > chroots bind by default is OpenBSD.  it wasn't until very recently

> > It's not about the problem of having chroot by default. Having a script
> > that is invoked upon user interaction that generates the chroot would in
> > my opinion be also an acceptable solution. We just shouldn't have a
> > solution for chrooting bind that depends on kernel 2.4.x features.

> I think respecting debian policy is more important than supporting 2.2
> kernels for chrooted bind.

Then please respect also the Debian Free Software Guidelines, that
clearly state:

|  4. Our Priorities are Our Users and Free Software
|
|     We will be guided by the needs of our users and the free-software
|     community. We will place their interests first in our priorities. We

> the only real options for 2.2 are:

> 1: rsync /etc/bind to $chroot/etc/bind in the initscript on start.

> 2: violate policy and move the config files out of /etc

> option 1 sucks since you have to fully restart bind to make changes to
> your configs instead of merely sending a SIGHUP (or is that even
> needed?) 

Hm, I would say that rndc (ndc for bind 8) would still work, so that you
would only need SIGHUP seldom. So option 1 sounds like a possible
solution to me.

> option 2 is unacceptable IMO, and really in fact by current policy,
> and throwing away policy would be foolish since that's what makes
> debian such a high quality distribution.

Agreed, but that's why we have option 1. ;-)

Christian
-- 
           Debian Developer (http://www.debian.org)
1024/26CC7853 31E6 A8CA 68FC 284F 7D16  63EC A9E6 67FF 26CC 7853
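
Option 1 from the message above (copying /etc/bind into the chroot when the init script starts the daemon), as an added example that is not part of the original post or of any Debian package. The function name, the paths passed to it, and the use of cp in place of rsync (so the example has no dependency) are assumptions.

```shell
#!/bin/sh
# Added illustration: refresh the chroot's copy of the BIND configuration
# from the policy-compliant location before the daemon is started.
# Usage: sync_bind_config SRC_DIR CHROOT_DIR   (hypothetical helper)
sync_bind_config() {
    src=$1
    jail=$2
    dest="$jail/etc/bind"

    [ -d "$src" ] || { echo "missing source: $src" >&2; return 1; }

    # With an empty or "/" chroot path, $dest would be the real /etc/bind
    # and the removal below would delete the master copy.
    case "$jail" in
        ""|/) echo "refusing chroot path '$jail'" >&2; return 1 ;;
    esac

    mkdir -p "$jail/etc" || return 1

    # Copy into a staging directory first, so a failed copy never leaves
    # the chroot with a half-written configuration.
    stage="$jail/etc/bind.new.$$"
    rm -rf "$stage"
    cp -Rp "$src" "$stage" || { rm -rf "$stage"; return 1; }

    # The jailed daemon should not find group/world-writable config files.
    chmod -R go-w "$stage" || { rm -rf "$stage"; return 1; }

    # Replace the old copy wholesale: files deleted from SRC_DIR must not
    # survive inside the chroot (what rsync --delete would do).
    rm -rf "$dest"
    mv "$stage" "$dest"
}

# In an init script this would run just before starting named, e.g.
#   sync_bind_config /etc/bind /var/lib/named-chroot   # chroot path assumed
```

Because the copy happens only at start, edits under /etc/bind reach the jailed daemon only after the function runs again, which is the restart cost the thread attributes to this option.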
