This one time, at band camp, Charles Plessy said: > Package: debian-policy > Version: 3.9.4 > Severity: wishlist > > Le Thu, Oct 24, 2013 at 09:28:32AM +0200, Ondřej Surý a écrit : > > Hi James, > > > > since the authoritative-name-server idea was rejected by the list, I was > > going to propose alternative: > > > > security-aware-resolver > > > > The definition from RFC4033: > > > > Security-Aware Resolver: An entity acting in the role of a resolver > > (defined in section 2.4 of [RFC1034]) that understands the DNS > > security extensions defined in this document set. In particular, > > a security-aware resolver is an entity that sends DNS queries, > > receives DNS responses, supports the EDNS0 ([RFC2671]) message > > size extension and the DO bit ([RFC3225]), and is capable of using > > the RR types and message header bits defined in this document set > > to provide DNSSEC services. > > Dear all, > > are there Debian Developers seconding or objecting to this new virtual package > name ? What is the benefit? Do any packages plan to make use of this? Also, what is the expected usage? Is it going to be like the various MTA packages that replace/conflict/provide each other? This would break the debian.org machines, for a start. I'm sure other people also run a local recursive resolver on the same machine as an authoritative name server as well. We happen to use bind for authoritative services and unbound as a local recursor. Since they can both provide security-aware-resolver, will we be able to install both simultaneously? As others have said before, this sounds much more suited to debtags than packaging metadata to me. Cheers, -- ----------------------------------------------------------------- | ,''`. Stephen Gran | | : :' : sgran@debian.org | | `. `' Debian user, admin, and developer | | `- http://www.debian.org | -----------------------------------------------------------------
Attachment:
signature.asc
Description: Digital signature