On May 22, 2013, at 15:11 , Jakob Schlyter <[email protected]> wrote: > On 22 maj 2013, at 15:07, Fredrik Pettai <[email protected]> wrote: > >> One thing that struck me while having a discussion about different formats, >> is why OpenDNSSEC has it's configuration files in the XML format? I >> understood that (at least one of) the design idea(s) behind it, was that >> other provision systems that use OpenDNSSEC as a backend should be able to >> generate/rewrite configuration to OpenDNSSEC. Is that a reality today, or >> was it just a pipe dream? :-) > > Yes, there are systems today that generated XML for OpenDNSSEC. XML is also > used for enforcer/signer interaction, and using the same syntax for all files > made sense. We could have used JSON, but then syntax checking would have been > less strict. > >> As an OpenDNSSEC user, the configuration is unnecessarily filled with (too) >> much information, making it less readable. As a package maintainer, having >> to depend on libxml2 is not something that is positive, due to all security >> vulnerabilities that comes with libxml2. > > No XML files that OpenDNSSEC use should be writable by non-admins, so any > security issues with libxml2 are, IMHO, moot in this context.
Sure, but you still have to install it, update and patch it... >> I do understand that it would take time that could be spent on other things >> to rewrite this, and I wouldn't suggest that this should be on the roadmap >> for OpenDNSSEC 1.x. But maybe OpenDNSSEC 2.x could add support for less >> complicated configuration syntax? > > Changing the configuration file format is not on the roadmap for 2.0, but we > will look into this for future releases. > > Not starting the my-favorite-config-file-format war, but what would you > recommend us to look at in the future? Just key value format, without the XML type definitions… /P _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
