Re: Bug#958710: ITP: nss-tls -- encrypted glibc name resolving library which uses DNS-over-HTTPS (DoH)
* Scott Kitterman:
> On Friday, April 24, 2020 11:54:17 AM EDT Kan-Ru Chen wrote:
>> Hi,
>>
>> On Sat, Apr 25, 2020, at 12:34 AM, Scott Kitterman wrote:
>> > On Friday, April 24, 2020 11:11:49 AM EDT Kan-Ru Chen wrote:
>> > > * Package name : nss-tls Description : encrypted glibc name
>> > >
>> > > resolving library which uses DNS-over-HTTPS (DoH)
>> > >
>> > > nss-tls is an alternative, encrypted name resolving library to use
>> > > with glibc, which uses DNS-over-HTTPS (DoH).
>> >
>> > Without knowing more that what is in the ITP, nss-tls seems like a
>> > counter-
>> > intuitive name for something that doesn't use TLS, but instead HTTPS.
>>
>> Indeed, I agree it is counter-intuitive! If I am starting a new project
>> I would probably call it nss-doh or nss-https.
>>
>> > Is this really the best name for the package? Could you explain the
>> > background behind the name?
>>
>> The only reason right now is because it's the name used by upstream. I
>> choose to keep the current name and mention DoH in the description to
>> help search.
>>
>> I plan to ask upstream author if they intend to support DoT in the
>> future then the name makes a little more sense. Otherwise if they can
>> change the name to nss-https or something else to avoid confusion.
>
> Would it make sense to resolve that with upstream before introducing this to
> Debian? It would save a trip through New and the confusion inherent in
> package name instability.
The NSS mmodule is called “tls”:
| Then, add "tls" to the "hosts" entry in /etc/nsswitch.conf, before
| "dns" or anything else that contains "dns".
Renaming it would be a breaking change. As long as the module has
this name, “nss-tls” does not seem inappropriate to me (although I
agree that it's not ideal).
Reply to: