Paul Wise writes: > On Sun, Jun 13, 2010 at 7:00 PM, Michael Poole <mdpo...@troilus.org> wrote: > >> The behavior with net.ipv6.bindv6only=0 is mandated by both POSIX and >> the governing RFC. How can you call it a bug for software to expect >> that behavior? The true bug is that Debian intentionally violates these >> standards. If people decide (as Vincent Bernat suggested) that Debian >> is a buggy piece of junk because of that, they will be right. > > How many times will this discussion will go round and round in > circles? I'm getting dizzy.
Probably as many times as it takes for people to give a reasonable answer for the question I asked. So far I have seen these reasons provided to keep bindv6only=1: 1) BSDs only act as if bindv6only=1. (False.) 2) BSDs do (or did) this because of vague language in the standards. (Maybe true once, but not now.) 3) There are potential security bugs if an application black- or white-lists IPv4 addresses and someone uses an v6-mapped IPv4 address to connect. (Handwavy and, as far as I've seen, purely hypothetical. Also ties the hands of the system administrator, who may want to treat v6-mapped addresses differently than the corresponding native IPv4 address.) 4) It only affects software outside of the Debian archive. (Irrelevant at best. Callous because it requires developers to cater to the whims of Debian.) and most often: 5) Software that doesn't expect it is buggy. (Circular.) Have I missed anything? Michael Poole -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/87ocffcgsq....@troilus.org
