On Fri, 21.03.14 00:27, Paul Wouters (p...@nohats.ca) wrote: > On Fri, 21 Mar 2014, Lennart Poettering wrote: > > >I mean, in this day and age we should not consider an ACL language well > >designed if it basically pushes users to use IDENT and DNS for > >authentication. (And no, don't say the words DNSSEC, nobody sets that > >up, we don't have it as default, and tcpwrap doesn't check wether DNSSEC > >is enabled either, before trusting a hostname...). > > we kinda do have dnssec per default. All DNS servers installed per > default do DNSSEC. Installing dnssec-trigger makes that even more > pervasive.
Well, but glibc can't do the DNSSEC client side, can it? Lennart -- Lennart Poettering, Red Hat -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
