Your message dated Mon, 07 Apr 2025 18:03:59 +0000
with message-id <e1u1qpd-00296u...@fasolo.debian.org>
and subject line Bug#1101006: fixed in snid 0.3.0-1
has caused the Debian Bug report #1101006,
regarding ITP: snid -- TLS-SNI proxy with zero config IPv4/v6 translation
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1101006: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1101006
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: wnpp
Severity: wishlist
Owner: Daniel Gröber <d...@darkboxed.org>
X-Debbugs-Cc: debian-de...@lists.debian.org, d...@darkboxed.org
Hi d-devel,
Continuing on my IPv6-only trajectory, snid is a very convinent program for
those brave enough to leave the legacy IP world behind them, or well, at
least in a dark cellar with no stairs and a Leopard lurking somewhere.
* Package name : snid
Version : v0.3.0
Upstream Contact: Andrew Ayer <a...@andrewayer.name>
* URL : https://github.com/AGWA/snid
* License : X11-distribute-modifications-variant
Programming Lang: Golang
Description : Oblivious TLS-SNI proxy with zero config IPv4/v6 translation
A lightweight proxy used to forward TLS connections (without decryption)
to backend servers listening on IPv6 or UNIX sockets based only on the
cleartext server name indication (SNI) hostname. Note: ESNI/ECH is not
(yet) supported.
.
Backend addresses are constructed based on DNS lookups or filesystem path
for IPv6 and UNIX listeners respectively, making snid deployments
exceedingly easy to manage.
.
Unlike other TLS-SNI proxies snid's address mapping approach (-mode nat46)
allows exposing any unmodified TLS-based service listening on IPv6 towards
legacy IPv4 with no configuration or loss of client identity by encoding
IPv4 client addresses into IPv6 source addresses.
.
Running a few snid nodes across an infrastructure thus removes the need to
think about legacy IP problems like address exhaustion, port-forwarding or
multi-layer NAT ever again.
.
Similar proxies rely on client identity hacks such as the PROXY protocol
or X-Forwarded-For/X-Real-IP headers in the case of HTTP based
protocols. This approach has caused confused-deputy type security problems
in the past and will continue to do so. The address mapping approach is
much less susceptible to these problems.
I'm planning on maintaining snid in go-team. I'm not much of a go person
but I think this particular program is super important. If anyone with go
skills wants to co-maintain that'd be awesome!
--Daniel
signature.asc
Description: PGP signature
--- End Message ---
--- Begin Message ---
Source: snid
Source-Version: 0.3.0-1
Done: Daniel Gröber <d...@darkboxed.org>
We believe that the bug you reported is fixed in the latest version of
snid, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1101...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Daniel Gröber <d...@darkboxed.org> (supplier of updated snid package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sat, 22 Mar 2025 13:17:32 +0000
Source: snid
Binary: snid snid-dbgsym
Architecture: source amd64
Version: 0.3.0-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Go Packaging Team <team+pkg...@tracker.debian.org>
Changed-By: Daniel Gröber <d...@darkboxed.org>
Description:
snid - Oblivious TLS-SNI proxy with zero config IPv4/v6 translation
Closes: 1101006
Changes:
snid (0.3.0-1) unstable; urgency=medium
.
* Initial release (Closes: #1101006)
Checksums-Sha1:
f507c47dd92ce6dbf2f7d7972210f4a6b2dc6d58 1994 snid_0.3.0-1.dsc
4b6add094774222fa89b353e78c658975197a236 7661 snid_0.3.0.orig.tar.gz
faf99d4df9f38d108a06301838485b3e82aa8efe 3692 snid_0.3.0-1.debian.tar.xz
196a0db2f94de0bdb31e31cc806374698112d3e1 1761016 snid-dbgsym_0.3.0-1_amd64.deb
a29b8e6a9fc99226081673bbe160bbef54b78c8d 6297 snid_0.3.0-1_amd64.buildinfo
f514ce177d46dec88888e1e802cf7b8c7b2801ac 1566176 snid_0.3.0-1_amd64.deb
Checksums-Sha256:
755ff950076b094d890d3a8ae4a23623f48d86505bffe1453456e1e7facbb360 1994
snid_0.3.0-1.dsc
1557dbf460badcb2f88cf1979a09bdfa17f1caf6b506eb1e348e4e7a63010d2f 7661
snid_0.3.0.orig.tar.gz
4b052f473831ceb83e40de75d4280e9a1838dffacbb5c0f9a0e26f23369ae1d3 3692
snid_0.3.0-1.debian.tar.xz
a51499ec7a8938bc367f14d626bda4d3c387d976b564c4fd26ab87ef5b0c2193 1761016
snid-dbgsym_0.3.0-1_amd64.deb
72835a50c87e20663c2286cb22861297c6a2b782f657925cb62e6b01b9145849 6297
snid_0.3.0-1_amd64.buildinfo
c0412836b289d7f6620c2070b72fbb2a5ae33c329d59293dc30fe7b66b32bc6c 1566176
snid_0.3.0-1_amd64.deb
Files:
136deff86e51e810c7668c7b1ba575e6 1994 golang optional snid_0.3.0-1.dsc
1ab52c09dd6bc2b411fa863afb38cdf4 7661 golang optional snid_0.3.0.orig.tar.gz
f0476498ef80ffbc0f139ea85457dd68 3692 golang optional
snid_0.3.0-1.debian.tar.xz
c9b9fb1c10360f4e978f126b00e10db7 1761016 debug optional
snid-dbgsym_0.3.0-1_amd64.deb
ea210bfa97c484fbd0ddb8522fe85b71 6297 golang optional
snid_0.3.0-1_amd64.buildinfo
bed76faa08fb77dff82a16188a452c24 1566176 net optional snid_0.3.0-1_amd64.deb
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEV6G/FbT2+ZuJ7bKf05SBrh55rPcFAmfey5AACgkQ05SBrh55
rPef3A//XGRe5EPhN5EJlnRX/Z0IWkWgM/y2KFXDbNhE0fE/+H0a3ipyZJOr3GqC
+6iDzCJXj9slUMfptyOsfkGQUgkKdFNpu0j6ouvD6e/1EvNbsA8dbDeXgEaqkH1K
YEGX7evvMcmvlC6C462CrmMocdS7KYftOkSKgXxlJ+I0n+l5PcFe//nBexHox5K2
exgoR56V+qi38k9hEWV7vAMKPWqyLbnfUQm2VKXz8/WMTSCn1vCks4FJ+DmxjEiI
c/3wvTCbql0ftOkT2ILO5Nww147n1MFKQhIfB73Q2KcRJky0R1G/y138kU8CagIE
dX4sV/W0PZaBTbka2U+qR944V8EvSMLpC2L22X9GeDpWjXKW76VdPjiGw4U+5ZkU
fx+PAYHyNOiOi09EsMKvAQ174n9aBDhkNyY/vlIWQ+XUmvy5Mj/QOVwPDI0f5kMt
IEFObR0GVc0iBUnflaRCimFDTUOYH1oWcM9HeL3akRztZy4z9npb6oZKFeVNZsb/
sZ5mQ7PUYhgDF7DvsWA9XEgSdjr3taIVltk2qG2LApwtkGSwJ5R8BIKNj9GmT8b3
7ojRAnfgdPeLobcYnQcfpJXQyydZ/gOO9get7znWligro5l1/cmWgFuS/4x97F4m
kZQtjZItCC43SLM8wqFi3nUyVFuQec4g8eSwLZsNKOQrPrXwEhw=
=I7yI
-----END PGP SIGNATURE-----
pgpYbGZVfJ4If.pgp
Description: PGP signature
--- End Message ---
