Message ID | 87a6zp7yxd.fsf@oldenburg2.str.redhat.com |
---|---|
State | New |
Headers | show |
Series | NEWS: Deprecate nss_hesiod | expand |
On 7/24/20 10:47 AM, Florian Weimer via Libc-alpha wrote: > Storing user databases in DNS, without client-side DNSSEC validation, > is problematic from a security point of view. Hesiod could be handled as an external NSS module. OK for 2.32. Reviewed-by: Carlos O'Donell <carlos@redhat.com> > --- > NEWS | 5 +++++ > 1 file changed, 5 insertions(+) > > diff --git a/NEWS b/NEWS > index 1ef4a0a7a4..83aed60e19 100644 > --- a/NEWS > +++ b/NEWS > @@ -147,6 +147,11 @@ Deprecated and removed features, and other changes affecting compatibility: > applications which use the malloc hooks must preload a special shared > object, to enable the hooks. > > +* The hesiod NSS module has been deprecated and will be removed in a > + future version of glibc. System administrators are encouraged to > + switch to other approaches for networked account databases, such as > + LDAP. > + > Changes to build and runtime requirements: > > * powerpc64le requires GCC 7.4 or newer. This is required for supporting >
* Carlos O'Donell: > On 7/24/20 10:47 AM, Florian Weimer via Libc-alpha wrote: >> Storing user databases in DNS, without client-side DNSSEC validation, >> is problematic from a security point of view. > > Hesiod could be handled as an external NSS module. Indeed, but we'll need a volunteer for that. > OK for 2.32. > > Reviewed-by: Carlos O'Donell <carlos@redhat.com> Thanks, I will give others a day or two to comment on these deprecations, too. Florian
diff --git a/NEWS b/NEWS index 1ef4a0a7a4..83aed60e19 100644 --- a/NEWS +++ b/NEWS @@ -147,6 +147,11 @@ Deprecated and removed features, and other changes affecting compatibility: applications which use the malloc hooks must preload a special shared object, to enable the hooks. +* The hesiod NSS module has been deprecated and will be removed in a + future version of glibc. System administrators are encouraged to + switch to other approaches for networked account databases, such as + LDAP. + Changes to build and runtime requirements: * powerpc64le requires GCC 7.4 or newer. This is required for supporting