Package: zeroconf
Version: 0.9-1
Severity: critical
Justification: breaks unrelated software


On recent updates to testing of some of my systems, zeroconf
was installed because of recommends of other packages (kde etc.).

As other users have already reported, this resulted in an *additional*
IP-address assigned to the primary network interface as a link local
address.

Since the user never directed the update to reconfigure the network
setting, this is a policy violation. The default of the zeroconf
settings should be either "never configure the ad hoc ip address"
or "only configure the ad hoc ip address if no ip address is configured
for this interface".

The problem with the additional ip address is unexpected behaviour of
unrelated software.

With the two ip addresses the machine broadcasts with two different
addresses. This might result in alarms in the network, because a machine
communicates with the wrong address. This might also result in the
disabling of the machine on a switch which sees the wrong address (cisco
catalyst dhcp-snooping).

Some programs rely on the configured and allowed ip address to operate.
If now one machine responds on a different address because it can also
reach the other machine with it, we get a problem. We have one report
that ssh reports a security warning, because a key is recorded with a
different ip address.

Services using tcpwrappers get configured with ip addresses. These
services will sometimes fail because they use the wrong addresses.

Some programs will not bind to the wildcard any address but to all ip
addresses they find (like ntp, sendmail, bind etc.). This will result in
at least additional warnings in syslog etc. if not in malfunction. If
the program only configures the first address for one interface it will
probably break.

These are only some of the problems I have detected.

In short: I never told the system to install this particular package nor
did I authorize it to change my configuration. So it should not change
my network configuration in any way. 

You could introduce debconf questions or just make the default
configuration disabled or fallback.

Christoph

-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (99, 'testing'), (50, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.17-2-k7
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages zeroconf depends on:
ii  ifupdown                     0.6.7       high level tools to configure netw
ii  iproute                      20041019-3  Professional tools to control the 
ii  libc6                        2.3.6.ds1-4 GNU C Library: Shared libraries

-- no debconf information

