[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#331405: Accidential activation of nscd is too simple

On Mon, Oct 03, 2005 at 12:33:45PM +0200, Martin Samuelsson wrote:

> Obviously something has automatically dragged nscd into my system as one
> of it's dependencies. (It's marked A in aptitude) And having a software
> cacheing dns lookups from disconnected moments doesn't really make a
> laptop very useable when being connected.

What is that "something"? Investigating the output of apt-cache rdepends
nscd, libnss-pgsql1 and libnss-mdns Suggests: nscd, and libnss-ldap
Recommends: it, but nothing Depends: on it. So you should've given a
choice by whatever package installation frontend you've used.

> One could say that I should have better knowledge of exactly what
> software that is on my system, and how it is configured. However I've
> always found the debian way to be having software installed with
> reasonable defaults. Which I don't think this behaviour is, considering
> it simple to get installed without realizing it.

Well, the description of nscd says: "You should install this package
only if you use slow Services like LDAP, NIS or NIS+". If you are not
using one of these services, why did you choose to install nscd? (I
don't dare to assume that you haven't even read the package description
before letting an unknown and unrequested pacakge installed on your

Also, the default negative-ttl for the hosts map is just 20 seconds
which I think _is_ a quite reasonable default.

> My suggestion would be that nscd was configured by default to not start
> or to never cache any data until explicitly told so by a simple, but
> active act from the system administrator.

Why? You said "I've always found the debian way to be having software
installed with reasonable defaults." The only reasonable default for a
program called Name Service Caching Daemon is to cache name service
calls when installed. Otherwise why did you install it at all?


     MTA SZTAKI Computer and Automation Research Institute
                Hungarian Academy of Sciences

Reply to: