Package: libnss-mdns
Version: 0.8-5
Severity: wishlist

Please build libnss-mdns by default with --disable-legacy,
i.e. disabling the internal mini-stack included in stock nss-mdns.

If required build an alternative version with --enable-legacy, maybe
called libnss-mdns-legacy with the mDNS mini-stack activated. 

A discussion why this is a good idea (security) and what
--disable-legacy is actually about has been included in
this thread:

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=393711

The only reasons I see why people would want to use the mini-stack
(i.e. --enable-legacy) are: 1. usage in conujunction with a different
mDNS daemon implementation, 2. usage in an embedded system where
avahi-daemon would not fit in, 3. usage of mdns host names during boot
before avahi-daemon is started (i.e. NFS shares).

Since Debian only ships Avahi reason #1 shouldn't cound. Embedded
people should be able to compile their own versions of libnss-mdns,
hence #2 is invalid. #3 might be a real problem, however people mounting
NFS shares by mdns host names look for trouble anyway. In addition
this problem can be overcome by fiddling with the init script order.

Thanks,
        Lennart

-- System Information:
Debian Release: 4.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15)

Versions of packages libnss-mdns depends on:
ii  base-files                   4           Debian base system miscellaneous f
ii  libc6                        2.3.6.ds1-7 GNU C Library: Shared libraries

libnss-mdns recommends no packages.

-- no debconf information

-- 
Lennart Poettering; lennart [at] poettering [dot] net
ICQ# 11060553; GPG 0x1A015CC4; http://0pointer.net/lennart/


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to