DNS TSIG updates need to check ACLs
kai at samba.org
Wed Nov 14 00:05:28 MST 2012
-----BEGIN PGP SIGNED MESSAGE-----
On 2012-11-13 17:20, simo wrote:
> Hi Metze, they look good to me, but I thought Kai was going to look
> and ack/nack them given he is the one most involved with DNs
Well, I don't like them, but it's easier to work around the BIND bug
on our side than get every BIND version out there fixed, and arguably
libaddns doesn't ever do anything with the signature.
I'm concerned that we'll regress once we phase out libaddns in favour
of libcli/dns once the gss-tsig logic is also implemented there, but
we'll just have to deal with that when we get there.
There's no value in not making this work for our users.
Worldforge developer http://www.worldforge.org/
Wine developer http://wiki.winehq.org/KaiBlin
Samba team member http://www.samba.org/samba/team/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/
-----END PGP SIGNATURE-----
More information about the samba-technical