On 03/30/2016 10:58 PM, Carlos O'Donell wrote:
On 03/30/2016 01:03 AM, Florian Weimer wrote:
> On 03/29/2016 10:02 PM, Carlos O'Donell wrote:
>
>>> Remove dns from the networks service in /etc/nsswitch.conf. Hardly
>>> anyone needs it, and the implementation is quite broken anyway. It just
>>> increases attack surface needlessly.
>>
>> Could you expand on this a bit more?
>
> In /etc/nsswitch.conf, change:
>
> networks: files dns
>
> to:
>
> networks: files
OK, but to be clear we would leave all the code in place for
users that want to add it back, we would only be removing it in
the default configuration?
Yes, it's just a configuration change.
>> Could you go ahead and create *one* change request page
which
>> covers all of these:
>>
>> (a) Update to glibc 2.23.1 stable branch.
>
> Aren't we going to do that throughout F24 anyway?
One hopes :-)
We should list it in F25 just to be clear and in the event we don't
get to it. Plan for the worst, hope for the best.
Okay. Do we have to do anything special once F25 branches, so that it's
based of F24 and not rawhide?
Florian