On 03/30/2016 01:03 AM, Florian Weimer wrote:
On 03/29/2016 10:02 PM, Carlos O'Donell wrote:
>> Remove dns from the networks service in /etc/nsswitch.conf. Hardly
>> anyone needs it, and the implementation is quite broken anyway. It just
>> increases attack surface needlessly.
>
> Could you expand on this a bit more?
In /etc/nsswitch.conf, change:
networks: files dns
to:
networks: files
OK, but to be clear we would leave all the code in place for
users that want to add it back, we would only be removing it in
the default configuration?
I'm fine with that.
> Could you go ahead and create *one* change request page which
> covers all of these:
>
> (a) Update to glibc 2.23.1 stable branch.
Aren't we going to do that throughout F24 anyway?
One hopes :-)
We should list it in F25 just to be clear and in the event we don't
get to it. Plan for the worst, hope for the best.
--
Cheers,
Carlos.