[Pkg-xmpp-devel] pushing udns into squeeze
Thadeu Lima de Souza Cascardo
cascardo at minaslivre.org
Sat Jul 11 22:55:43 UTC 2009
Hello, folks.
While udns has no entered etch or lenny, we should reconsider that
situation in the case of squeeze. Some software in Debian depends or may
be improved while depending on udns. libapache2-mod-defensible, for
example, was rebuilt without udns for the lenny release. Now, jabberd2
depends on udns and can only go into a stable release if udns goes too
or udns stops being used by it.
Although Michael didn't think it was ready for release some three years
ago and not a lot has changed in the library since then, it has being
used by these software in response to its usefulness and quality. I
don't know if Michael has reconsidered, but I'd like to know his opinion
as of now.
Regarding the security issue, which Michael has already answered about
in his comments in the source code even before people have published
their exploit results and many servers had their code changed to make
them safer, I don't think udns requires any change.
It's a stub resolver and many other stub resolvers have not changed
anything in response to the announcement of the increased possibility of
an attack. And stub resolvers should use secure servers in a secure
environment/network.
I think we could release some notes in README.Debian regarding this and
close this bug altogether and let udns move into squeeze and keep it
there for the release, allowing other packages to follow, including
jabberd2.
Regards,
Cascardo.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-xmpp-devel/attachments/20090711/0e422c45/attachment.pgp>
More information about the Pkg-xmpp-devel
mailing list