su 6.4.2025 klo 22.09 Diederik de Haas ([email protected]) kirjoitti:
>
> Source: dhcpcd
> Version: 1:10.1.0-8
> Severity: wishlist
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Right now, resolvconf is the first Suggests for dhcpcd-base, followed by
> openresolv. But I recently saw https://bugs.debian.org/860564
> ("openresolv is less crippled than debian-resolvconf for
> security-focused configurations") in which Jason A. Donenfeld said this:
>
> Debian has its own "resolvconf" which is vastly inferior and makes it
> impossible to securely set up DNS servers for ephemeral secure tunnel
> interfaces.
>
> Therefore, I'd suggest that either:
> a) Debian switch to using Openresolv by default instead of its own
> "resolvconf"
> ...
>
> So it seems like a good idea to have ``openresolv`` as first suggestion.
> That is has the same upstream maintainer/developer may be useful too.
Doable, and same upstream as the first choice makes sense.
> While researching all this, I also found commit 11bbf768f579
> ("Add wpasupplicant to Recommends for dhcpcd-base for SSID profiles")
> (it's now on ``dhcpcd``)
>
> I'm not entirely sure what "SSID profiles" are, but if it is meant to
> store credentials for multiple wireless networks, that's a functionality
> that the ``iwd`` package/program also supports.
> If I 'guessed' "SSID profiles" correctly, maybe add ``iwd`` as an
> alternative Recommends?
See the man page. If connecting via a wireless device, dhcpcd can
select which credentials it will pass wpasupplicant. Kinda like the
ifupdown wpa-ssid and wpa-psk options.
Martin-Éric
