[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#727754: New "security-aware-resolver" virtual package.

This one time, at band camp, Charles Plessy said:
> Package: debian-policy
> Version: 3.9.4
> Severity: wishlist
> Le Thu, Oct 24, 2013 at 09:28:32AM +0200, Ondřej Surý a écrit :
> > Hi James,
> > 
> > since the authoritative-name-server idea was rejected by the list, I was
> > going to propose alternative:
> > 
> > security-aware-resolver
> > 
> > The definition from RFC4033:
> > 
> >    Security-Aware Resolver: An entity acting in the role of a resolver
> >       (defined in section 2.4 of [RFC1034]) that understands the DNS
> >       security extensions defined in this document set.  In particular,
> >       a security-aware resolver is an entity that sends DNS queries,
> >       receives DNS responses, supports the EDNS0 ([RFC2671]) message
> >       size extension and the DO bit ([RFC3225]), and is capable of using
> >       the RR types and message header bits defined in this document set
> >       to provide DNSSEC services.
> Dear all,
> are there Debian Developers seconding or objecting to this new virtual package
> name ?

What is the benefit?  Do any packages plan to make use of this?

Also, what is the expected usage?  Is it going to be like the various
MTA packages that replace/conflict/provide each other?  This would break
the debian.org machines, for a start.  I'm sure other people also run a
local recursive resolver on the same machine as an authoritative name
server as well.  We happen to use bind for authoritative services and
unbound as a local recursor.  Since they can both provide
security-aware-resolver, will we be able to install both

As others have said before, this sounds much more suited to debtags than
packaging metadata to me.

|   ,''`.                                            Stephen Gran |
|  : :' :                                        sgran@debian.org |
|  `. `'                        Debian user, admin, and developer |
|    `-                                     http://www.debian.org |

Attachment: signature.asc
Description: Digital signature

Reply to: