* [PATCH] NEWS: Deprecate nss_hesiod
@ 2020-07-24 14:47 Florian Weimer
2020-07-24 20:47 ` Carlos O'Donell
0 siblings, 1 reply; 3+ messages in thread
From: Florian Weimer @ 2020-07-24 14:47 UTC (permalink / raw)
To: libc-alpha
Storing user databases in DNS, without client-side DNSSEC validation,
is problematic from a security point of view.
---
NEWS | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/NEWS b/NEWS
index 1ef4a0a7a4..83aed60e19 100644
--- a/NEWS
+++ b/NEWS
@@ -147,6 +147,11 @@ Deprecated and removed features, and other changes affecting compatibility:
applications which use the malloc hooks must preload a special shared
object, to enable the hooks.
+* The hesiod NSS module has been deprecated and will be removed in a
+ future version of glibc. System administrators are encouraged to
+ switch to other approaches for networked account databases, such as
+ LDAP.
+
Changes to build and runtime requirements:
* powerpc64le requires GCC 7.4 or newer. This is required for supporting
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] NEWS: Deprecate nss_hesiod
2020-07-24 14:47 [PATCH] NEWS: Deprecate nss_hesiod Florian Weimer
@ 2020-07-24 20:47 ` Carlos O'Donell
2020-07-27 6:17 ` Florian Weimer
0 siblings, 1 reply; 3+ messages in thread
From: Carlos O'Donell @ 2020-07-24 20:47 UTC (permalink / raw)
To: Florian Weimer, libc-alpha
On 7/24/20 10:47 AM, Florian Weimer via Libc-alpha wrote:
> Storing user databases in DNS, without client-side DNSSEC validation,
> is problematic from a security point of view.
Hesiod could be handled as an external NSS module.
OK for 2.32.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
> ---
> NEWS | 5 +++++
> 1 file changed, 5 insertions(+)
>
> diff --git a/NEWS b/NEWS
> index 1ef4a0a7a4..83aed60e19 100644
> --- a/NEWS
> +++ b/NEWS
> @@ -147,6 +147,11 @@ Deprecated and removed features, and other changes affecting compatibility:
> applications which use the malloc hooks must preload a special shared
> object, to enable the hooks.
>
> +* The hesiod NSS module has been deprecated and will be removed in a
> + future version of glibc. System administrators are encouraged to
> + switch to other approaches for networked account databases, such as
> + LDAP.
> +
> Changes to build and runtime requirements:
>
> * powerpc64le requires GCC 7.4 or newer. This is required for supporting
>
--
Cheers,
Carlos.
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] NEWS: Deprecate nss_hesiod
2020-07-24 20:47 ` Carlos O'Donell
@ 2020-07-27 6:17 ` Florian Weimer
0 siblings, 0 replies; 3+ messages in thread
From: Florian Weimer @ 2020-07-27 6:17 UTC (permalink / raw)
To: Carlos O'Donell; +Cc: libc-alpha
* Carlos O'Donell:
> On 7/24/20 10:47 AM, Florian Weimer via Libc-alpha wrote:
>> Storing user databases in DNS, without client-side DNSSEC validation,
>> is problematic from a security point of view.
>
> Hesiod could be handled as an external NSS module.
Indeed, but we'll need a volunteer for that.
> OK for 2.32.
>
> Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Thanks, I will give others a day or two to comment on these
deprecations, too.
Florian
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2020-07-27 6:17 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-07-24 14:47 [PATCH] NEWS: Deprecate nss_hesiod Florian Weimer
2020-07-24 20:47 ` Carlos O'Donell
2020-07-27 6:17 ` Florian Weimer
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).