[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#958710: ITP: nss-tls -- encrypted glibc name resolving library which uses DNS-over-HTTPS (DoH)

* Scott Kitterman:

> On Friday, April 24, 2020 11:54:17 AM EDT Kan-Ru Chen wrote:
>> Hi,
>> On Sat, Apr 25, 2020, at 12:34 AM, Scott Kitterman wrote:
>> > On Friday, April 24, 2020 11:11:49 AM EDT Kan-Ru Chen wrote:
>> > > * Package name    : nss-tls Description     : encrypted glibc name
>> > > 
>> > >   resolving library which uses DNS-over-HTTPS (DoH)
>> > > 
>> > > nss-tls is an alternative, encrypted name resolving library to use
>> > > with glibc, which uses DNS-over-HTTPS (DoH).
>> > 
>> > Without knowing more that what is in the ITP, nss-tls seems like a
>> > counter-
>> > intuitive name for something that doesn't use TLS, but instead HTTPS.
>> Indeed, I agree it is counter-intuitive! If I am starting a new project
>> I would probably call it nss-doh or nss-https.
>> > Is this really the best name for the package?  Could you explain the
>> > background behind the name?
>> The only reason right now is because it's the name used by upstream. I
>> choose to keep the current name and mention DoH in the description to
>> help search.
>> I plan to ask upstream author if they intend to support DoT in the
>> future then the name makes a little more sense. Otherwise if they can
>> change the name to nss-https or something else to avoid confusion.
> Would it make sense to resolve that with upstream before introducing this to 
> Debian?  It would save a trip through New and the confusion inherent in 
> package name instability.

The NSS mmodule is called “tls”:

| Then, add "tls" to the "hosts" entry in /etc/nsswitch.conf, before
| "dns" or anything else that contains "dns".

Renaming it would be a breaking change.  As long as the module has
this name, “nss-tls” does not seem inappropriate to me (although I
agree that it's not ideal).

Reply to: