Support LRob <[email protected]> writes:

> On a broader note: I've raised privacy and security concerns several
> times in this thread, but I haven't seen them directly addressed, except
> perhaps by Matthew, who expressed sympathy for my position.

Again, just a bystander here and not a member of the technical committee,
but what I'd say is that I'm sympathetic but I also found the argument
that this is the purpose of resolvconf to be persuasive.

It seems fairly clear from your previous messages that you do not want
what resolvconf does and do not want the package installed and did not
realize that it was installed or what it would do. I don't like that you
were surprised, and I think that indicates a problem somewhere, but it's
not obvious to me that it's a problem with unbound, as opposed to a
problem with however you got resolvconf installed in the first place when
you clearly didn't want it. Or at least did not know that you should
remove it for this use case.

I *think* removing resolvconf would resolve your problem, and maybe a
better place to put effort would be to make sure people know that this is
what resolvconf does and that they should remove it if they don't want
this behavior. I personally have used resolvconf in the past and didn't
know that it would do this, even though in retrospect it's possible to
derive that information from the package description, so it does seem
reasonable to me that there's room for improvement there.

I'm very sympathetic to the argument that most laptop users want
resolvconf and want this behavior since otherwise their computer is not
going to work the way they expect (captive portals are very common), so I
think the behavior provided by the current configuration of unbound plus
resolvconf is valuable, but may need to be better targeted. (It's fairly
important to get captive portals working in that use case because when
they don't, it may not be possible for the user to install a package to
fix the problem, since by definition they don't have network when the
captive portal is not working.)

> I'm also wondering whether I initially directed this to the right place,
> given that my primary concern is security rather than a purely technical
> disagreement.

This is the right place.

-- 
Russ Allbery ([email protected])              <https://www.eyrie.org/~eagle/>
