Re: Replacing isc-dhcp-client with dhcpcd-base (Was: ifupdown maintenance)
- To: Daniel Gröber <dxld@darkboxed.org>, Martin-Éric Racine <martin-eric.racine@iki.fi>
- Cc: Santiago Ruano Rincón <santiagorr@riseup.net>, "Sean Whitton" <spwhitton@spwhitton.name>, ktetzlaff <debian@tetzco.de>, "Josue Ortega" <josue@debian.org>, debian-devel@lists.debian.org, ifupdown@packages.debian.org, ifupdown2@packages.debian.org, ifupdown-ng@packages.debian.org, 1038882@bugs.debian.org, team+networking@tracker.debian.org
- Subject: Re: Replacing isc-dhcp-client with dhcpcd-base (Was: ifupdown maintenance)
- From: "Henrique de Moraes Holschuh" <hmh@debian.org>
- Date: Sun, 15 Sep 2024 12:33:42 -0300
- Message-id: <[🔎] cced7f4e-bc75-477e-aa07-2c840f5a1dba@app.fastmail.com>
- In-reply-to: <[🔎] 20240914123008.6vbk57ldsyyxo7nd@darkboxed.org>
- References: <CAPZXPQdFDS4UXjvUfio7C44s22sx0hMNfDkRjmW_0zG2fep_yA@mail.gmail.com> <20240707135644.q227pfu4lg3dsqg7@House.clients.dxld.at> <CAPZXPQct_xUo-xNCEk-2k+U9Edzk+LqMCerLwJHokLwjFM8r6Q@mail.gmail.com> <ZowEZI4WkhqAkEIy@voleno> <[🔎] 87jzffncb9.fsf@zephyr.silentflame.com> <[🔎] CAPZXPQfKKDVxDF1jiZZwsOMreAKzABtpkB7ePndiuORTqgzAAA@mail.gmail.com> <[🔎] ZuS52yMI2WY01Wj9@voleno> <[🔎] CAPZXPQdx=1EbTMUcYPdDGJdBEaCairaW_P5eP_VfSgpD07oUAQ@mail.gmail.com> <[🔎] 20240914123008.6vbk57ldsyyxo7nd@darkboxed.org>
On Sat, Sep 14, 2024, at 09:30, Daniel Gröber wrote:
> 3) dhcpcd-base enables IPv6 privacy addressess by default.
Please never do this *by silent default* when DHCPv6 is being used for stateful address assignment, privacy addresses are a big issue on non-home networks and even on home networks depending on firewall rules...
Although I suppose a relevant note on NEWS.Debian *and* the Release Notes might be enough if.we consider it is desirable for most installs.
> 3) Since ifupdown is mainly used in the server/embedded sorts of
> enviornments I'm not sure privacy addressing is the right default.
> (cf. /etc/dhcpcd.conf having `slaac private` thus enabling RFC 7217
> addressing). We can assume NM will be in use for most Desktop users so I
> believe it's safe in principle to retain the current MAC based SLAAC
> address behaviour we used to get from the kernel RA implementation.
> Thoughts?
Agreed, the less surprises here, the better.
--
Henrique de Moraes Holschuh <hmh@debian.org>
Reply to: