On Wed, Feb 22, 2006 at 04:57:26PM +0100, Loïc Minier wrote:
> On Wed, Feb 22, 2006, Michael Stone wrote:
>> From a pragmatic standpoint, pulling in nss-mdns is a PITA because it
>> makes certain name queries take forever--so there are reasons aside from
>> security to think this is annoying.
>
> (nss-mdns does mdns too, but it's not related to avahi)

No?

Package: avahi-daemon
Source: avahi
Version: 0.6.7-1
Depends: libavahi-common3 (>= 0.6.4), libavahi-core3 (>= 0.6.0), libc6 (>= 2.3.5-1), libcap1, libdaemon0, libdbus-1-2 (>= 0.60), libexpat1 (>= 1.95.8), adduser, dbus (>= 0.60)
Recommends: libnss-mdns

The dependency chains here get a little scary.

> From a security point of view, every feature introduces risk. If
> you base all your reasoning on security, that is if you make security
> rule number 1, you get zero features.

And if you introduce questionable features with huge security
implications without thinking them through you get a real mess which is
going to take a lot of work down the road to clean up. There's a real
danger inherent in focusing on a particular bit of functionality and
ignoring its larger implications, *especially* in a project as large as
Debian.

> You can't take the decision to remove a feature because most people
> install GNOME for other reasons than that feature. Otherwise one would
> use the same reasoning for all features in GNOME and remove them all.

Your logic is frankly questionable. Anytime you start with a
proposition like "making that decision equates to removing every
possible feature" you're probably making a logical leap.

> But I agree with the former part: the question is do we support
> multicast DNS or not? When I look at the results of my mdns queries
> here, I have no doubt it will soon be a requirement since I see:
> - computers
> - a music remote control interface
> - music shares
> - HTTP and SSH servers (that's less common)
> - administrative interface for wifi APs

I don't see any of those appearing on any network I maintain. I've now
trumped your assertion with one of my own, do I win something? On any
*managed* network I don't think that having stuff like this appear out
of nowhere is particularly beneficial. On a small home network I'm not
convinced it buys you anything because you're not generally dealing with
enough stuff to need a service location solution. I'm sure it's
potentially very useful on geeky home networks with lots of systems and
services, but I'm not sure that's a reasonable basis for a default
configuration.

--
Michael Stone