Can we please get the GSS-TSIG error fixed and testcase written for 4.0.5?

[Andrew Bartlett]

Michael,

I'm wondering if I can call on your private offer to be a co-maintainer
of the internal DNS server, and see if you can help sort out the
GSS-TSIG issue Günter Kukkukk isolated earlier this year, that which
causes GSS-TSIG errors with nsupdate due to us misunderstanding the TSIG
protocol?

There is already a patch (which may or may not be a small layering
violation), but there isn't a way to testing this currently, to ensure
we don't fall back into 'fantasy crypto' like we currently do. 

We have the pieces - the addns lib can do the check, as I understand it,
and while we don't want to use that library long-term for testing, we
really just need to do something - anything, even at a black box level
around our 'net dns' command - to walk this code and check it's right. 

Is there any chance you could take this on?  It would be really good to
get this sorted for 4.0.5. 

Also, in the longer term, how do we want to maintain our DNS solutions?
We have two under-maintained solutions, with both maintainers having
other very important calls on their time.  (We also have the remote
CNAME lookup issue pending).

Thanks,

Andrew Bartlett
-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org