Re: Bug#958710: ITP: nss-tls -- encrypted glibc name resolving library which uses DNS-over-HTTPS (DoH)

2020-04-24 Thread bugs-debian


>>> The only reason right now is because it's the name used by upstream. I
>>> choose to keep the current name and mention DoH in the description to
>>> help search.
>>>
>>> I plan to ask upstream author if they intend to support DoT in the
>>> future then the name makes a little more sense. Otherwise if they can
>>> change the name to nss-https or something else to avoid confusion.
>> Would it make sense to resolve that with upstream before introducing this to 
>> Debian?  It would save a trip through New and the confusion inherent in 
>> package name instability.

Hi,

I opened an issue upstream on
https://github.com/dimkr/nss-tls/issues/55. I hope I am not too enthusiastic!

Adrien



Re: Bug#958710: ITP: nss-tls -- encrypted glibc name resolving library which uses DNS-over-HTTPS (DoH)

2020-04-24 Thread Florian Weimer
* Scott Kitterman:

> On Friday, April 24, 2020 11:54:17 AM EDT Kan-Ru Chen wrote:
>> Hi,
>> 
>> On Sat, Apr 25, 2020, at 12:34 AM, Scott Kitterman wrote:
>> > On Friday, April 24, 2020 11:11:49 AM EDT Kan-Ru Chen wrote:
>> > > * Package name: nss-tls
>> > >   Description : encrypted glibc name resolving library which uses
>> > >   DNS-over-HTTPS (DoH)
>> > > 
>> > > nss-tls is an alternative, encrypted name resolving library to use
>> > > with glibc, which uses DNS-over-HTTPS (DoH).
>> > 
>> > Without knowing more than what is in the ITP, nss-tls seems like a
>> > counter-intuitive name for something that doesn't use TLS, but instead HTTPS.
>> 
>> Indeed, I agree it is counter-intuitive! If I am starting a new project
>> I would probably call it nss-doh or nss-https.
>> 
>> > Is this really the best name for the package?  Could you explain the
>> > background behind the name?
>> 
>> The only reason right now is because it's the name used by upstream. I
>> choose to keep the current name and mention DoH in the description to
>> help search.
>> 
>> I plan to ask upstream author if they intend to support DoT in the
>> future then the name makes a little more sense. Otherwise if they can
>> change the name to nss-https or something else to avoid confusion.
>
> Would it make sense to resolve that with upstream before introducing this to 
> Debian?  It would save a trip through New and the confusion inherent in 
> package name instability.

The NSS module is called “tls”:

| Then, add "tls" to the "hosts" entry in /etc/nsswitch.conf, before
| "dns" or anything else that contains "dns".

Renaming it would be a breaking change.  As long as the module has
this name, “nss-tls” does not seem inappropriate to me (although I
agree that it's not ideal).



Re: Bug#958710: ITP: nss-tls -- encrypted glibc name resolving library which uses DNS-over-HTTPS (DoH)

2020-04-24 Thread Scott Kitterman
On Friday, April 24, 2020 11:54:17 AM EDT Kan-Ru Chen wrote:
> Hi,
> 
> On Sat, Apr 25, 2020, at 12:34 AM, Scott Kitterman wrote:
> > On Friday, April 24, 2020 11:11:49 AM EDT Kan-Ru Chen wrote:
> > > * Package name: nss-tls
> > >   Description : encrypted glibc name resolving library which uses
> > >   DNS-over-HTTPS (DoH)
> > > 
> > > nss-tls is an alternative, encrypted name resolving library to use
> > > with glibc, which uses DNS-over-HTTPS (DoH).
> > 
> > Without knowing more than what is in the ITP, nss-tls seems like a
> > counter-intuitive name for something that doesn't use TLS, but instead HTTPS.
> 
> Indeed, I agree it is counter-intuitive! If I am starting a new project
> I would probably call it nss-doh or nss-https.
> 
> > Is this really the best name for the package?  Could you explain the
> > background behind the name?
> 
> The only reason right now is because it's the name used by upstream. I
> choose to keep the current name and mention DoH in the description to
> help search.
> 
> I plan to ask upstream author if they intend to support DoT in the
> future then the name makes a little more sense. Otherwise if they can
> change the name to nss-https or something else to avoid confusion.

Would it make sense to resolve that with upstream before introducing this to 
Debian?  It would save a trip through New and the confusion inherent in 
package name instability.

Scott K




Re: Bug#958710: ITP: nss-tls -- encrypted glibc name resolving library which uses DNS-over-HTTPS (DoH)

2020-04-24 Thread Kan-Ru Chen
Hi,

On Sat, Apr 25, 2020, at 12:34 AM, Scott Kitterman wrote:
> On Friday, April 24, 2020 11:11:49 AM EDT Kan-Ru Chen wrote:
> > * Package name: nss-tls
> >   Description : encrypted glibc name resolving library which uses
> >   DNS-over-HTTPS (DoH)
> >
> > nss-tls is an alternative, encrypted name resolving library to use
> > with glibc, which uses DNS-over-HTTPS (DoH).
>
> Without knowing more than what is in the ITP, nss-tls seems like a
> counter-intuitive name for something that doesn't use TLS, but instead HTTPS.

Indeed, I agree it is counter-intuitive! If I am starting a new project
I would probably call it nss-doh or nss-https.

> Is this really the best name for the package?  Could you explain the
> background behind the name?

The only reason right now is because it's the name used by upstream. I
choose to keep the current name and mention DoH in the description to
help search.

I plan to ask upstream author if they intend to support DoT in the
future then the name makes a little more sense. Otherwise if they can
change the name to nss-https or something else to avoid confusion.

Kanru

> Scott K



Re: Bug#958710: ITP: nss-tls -- encrypted glibc name resolving library which uses DNS-over-HTTPS (DoH)

2020-04-24 Thread Scott Kitterman
On Friday, April 24, 2020 11:11:49 AM EDT Kan-Ru Chen wrote:
> * Package name: nss-tls
>   Description : encrypted glibc name resolving library which uses
> DNS-over-HTTPS (DoH)
> 
> nss-tls is an alternative, encrypted name resolving library to use
> with glibc, which uses DNS-over-HTTPS (DoH).

Without knowing more than what is in the ITP, nss-tls seems like a
counter-intuitive name for something that doesn't use TLS, but instead HTTPS.

Is this really the best name for the package?  Could you explain the 
background behind the name?

Scott K




Bug#958710: ITP: nss-tls -- encrypted glibc name resolving library which uses DNS-over-HTTPS (DoH)

2020-04-24 Thread Kan-Ru Chen
Package: wnpp
Severity: wishlist
Owner: Kan-Ru Chen 

* Package name: nss-tls
  Version : pre-release
  Upstream Author : Dima Krasner 
* URL : https://github.com/dimkr/nss-tls
* License : LGPL-2.1
  Programming Lang: C
  Description : encrypted glibc name resolving library which uses 
DNS-over-HTTPS (DoH)

nss-tls is an alternative, encrypted name resolving library to use
with glibc, which uses DNS-over-HTTPS (DoH).

The glibc name resolver can be configured through nsswitch.conf(5) to
use nss-tls instead of the DNS resolver, or fall back to DNS when
nss-tls fails.

This way, all applications that use the standard resolver API
(getaddrinfo(), gethostbyname(), etc.), are transparently migrated
from DNS to encrypted means of name resolving, with zero
application-side changes and minimal resource consumption footprint.
However, nss-tls does not deal with applications that use their own,
built-in DNS resolver.

There should be three binary packages:

1. nss-tlsd - a daemon that runs in the background, receives name
resolving requests over a Unix socket and replies with resolved
addresses.

2. libnss_tls.so - a tiny client library, which delegates the
resolving work to nss-tlsd through the Unix socket and passes the
results back to the application, without dependencies other than libc.

3. tlslookup - a utility program that is equivalent to nslookup(1),
but uses libnss_tls.so instead of DNS.
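
The ITP above says the resolver is switched to nss-tls through nsswitch.conf(5), optionally falling back to DNS, and the upstream instructions quoted earlier in the thread put "tls" before "dns" or anything else that contains "dns". The following check of a hosts line against that ordering is an added example, not part of the thread or of the nss-tls project; the function names `parse_hosts` and `audit` and the sample file are assumptions made for illustration.

```python
import re

# Constructed sample, not taken from a real host.
SAMPLE = """\
passwd: files systemd
hosts:  files mdns4_minimal [NOTFOUND=return] tls dns myhostname
"""

def parse_hosts(text):
    """Return the hosts database as [(service, [actions])] in lookup order."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line.startswith("hosts:"):
            continue
        entries = []
        # Tokens are service names or bracketed action lists like [NOTFOUND=return].
        for tok in re.findall(r"\[[^\]]*\]|\S+", line.split(":", 1)[1]):
            if not tok.startswith("["):
                entries.append((tok, []))
            elif entries:
                entries[-1][1].extend(tok[1:-1].upper().split())
        return entries
    return []

def audit(text):
    """List findings about where the "tls" module sits in the hosts lookup order."""
    entries = parse_hosts(text)
    names = [name for name, _ in entries]
    if "tls" not in names:
        return ["tls module not configured"]
    pos = names.index("tls")
    findings = []
    # The quoted instructions: "tls" goes before "dns" or anything containing "dns".
    early = [n for n in names[:pos] if "dns" in n]
    if early:
        findings.append("consulted before tls: " + ", ".join(early))
    # A "return" action on an earlier service can end the lookup before tls runs.
    for name, actions in entries[:pos]:
        for act in actions:
            if act.endswith("=RETURN"):
                findings.append(f"{name} [{act}] may end lookup before tls")
    # Per the ITP, listing dns after tls is the fallback used when nss-tls fails.
    if "dns" in names[pos + 1:]:
        findings.append("falls back to dns when tls fails")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

An empty result means "tls" is consulted ahead of every service containing "dns" and no plain DNS fallback is listed after it.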