2012/1/6 Russ Allbery <[email protected]>:
> djbdns isn't unmaintained. There's a disagreement between the package
> maintainer and the security team over whether it should be in a Debian
> release, since the package has a security weakness (which is inherently
> unfixable in all implementations of the DNS protocol, but which can be
> hardened against slightly in a way that the upstream for djbdns is not
> interested in doing).

Some security experts claim it cannot be hardened without:

a) major efficiency penalty (which is essential for my purposes) [0]
c) creating more security problems [1][2]

As dnscache in the Debian package is not configured to be run out of the box, the security team effectively prohibits the community from using absolutely free, safe and efficient software, as there are no exploits available when you configure it on the loopback interface or for hosts you trust, e.g. for your cloud of services.

S.

[0] http://marc.info/?l=djbdns&m=124047690620137&w=1 and next messages in that thread
[1] http://www.ntia.doc.gov/dns/comments/comment027.pdf
[2] http://cr.yp.to/djbdns/forgery.html

