Bug#761658: Please do not default to using Google nameservers

Tue Apr 7 21:45:16 BST 2015

also sprach Marco d'Itri <md at Linux.IT> [2015-04-07 22:22 +0200]:
> > is your position unchanged?
> Yes, since the arguments against this configuration that have been 
> presented so far can be summarized in "OMG Google!!!1!".

This is not the argument I brought forth. To me, reaching out to
a third party to make it work out of the box even without the
admin's help is not acceptable. We may work hard to configure our
services to provide sensible defaults, but the tendency is still not
to turn them on by default. Our MTAs don't have default mail relays.
We don't enable AVAHI nor do we install cups-browsed to make things
work out of the box. We change upstream software to ensure as much
as possible that we don't leak data. We file bug reports against
packages linking images from remote web servers to prevent this
leakage (cf. e.g. mailman), etc.… In fact, the only software I know
that uses defaults for out-of-the-box operation (apart from all the
desktop-ware, which is a different beast) is ntpd using
pool.ntp.org, but this is a project started by a DD and uses
sufficiently random delegation.

> If you feel the need to further pursue this then please explain in
> detail the threat model that you are trying to address and how the
> current default configuration would be worse than other default
> configurations.

In general, Debian has always taken a no-magic-no-frills approach.
If you don't configure it, it does not work. In the currently
discussed case, your choice means that DNS configuration might be
regarded as secondary priority.

Meanwhile, some might argue that Google can collect more data and
while I also don't want to fuel that beast, more importantly it
means that I give Google the power over my DNS lookups, and who
knows what that may entail. This is a company that uses JavaScript
to disguise click-tracking from your view and Google DNS has not
always remained partial to disputes involving political powers.

So no, no concrete threat model. But I hope I was able to argue that
one is not necessary. The default should be with Debian philoosphy
and that has always adhered to the principle of least surprise. In
this case, unless DNS is provided or configured, I'd consider it an
unpleasant surprise to find out that we are officially routing our
users through a commercial, 3rd party entity, whatever they're
called.

-- 
 .''`.   martin f. krafft <madduck at d.o> @martinkrafft
: :'  :  proud Debian developer
`. `'`   http://people.debian.org/~madduck
  `-  Debian - when you have better things to do than fixing systems

"... alle sätze der logik sagen aber dasselbe. nämlich nichts."
                                                       -- wittgenstein
-------------- next part --------------
A non-text attachment was scrubbed...
Name: digital_signature_gpg.asc
Type: application/pgp-signature
Size: 1107 bytes
Desc: Digital signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)
URL: <http://alioth-lists.debian.net/pipermail/pkg-systemd-maintainers/attachments/20150407/7961b330/attachment-0002.sig>