Re: Bug#958710: ITP: nss-tls -- encrypted glibc name resolving library which uses DNS-over-HTTPS (DoH)

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Re: Bug#958710: ITP: nss-tls -- encrypted glibc name resolving library which uses DNS-over-HTTPS (DoH)

Scott Kitterman-5
On Friday, April 24, 2020 11:11:49 AM EDT Kan-Ru Chen wrote:
> * Package name    : nss-tls
>   Description     : encrypted glibc name resolving library which uses
> DNS-over-HTTPS (DoH)
>
> nss-tls is an alternative, encrypted name resolving library to use
> with glibc, which uses DNS-over-HTTPS (DoH).

Without knowing more that what is in the ITP, nss-tls seems like a counter-
intuitive name for something that doesn't use TLS, but instead HTTPS.

Is this really the best name for the package?  Could you explain the
background behind the name?

Scott K

signature.asc (849 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Bug#958710: ITP: nss-tls -- encrypted glibc name resolving library which uses DNS-over-HTTPS (DoH)

Kan-Ru Chen (陳侃如)
Hi,

On Sat, Apr 25, 2020, at 12:34 AM, Scott Kitterman wrote:
> On Friday, April 24, 2020 11:11:49 AM EDT Kan-Ru Chen wrote:
> > * Package name    : nss-tls Description     : encrypted glibc name
> >   resolving library which uses DNS-over-HTTPS (DoH)
> >
> > nss-tls is an alternative, encrypted name resolving library to use
> > with glibc, which uses DNS-over-HTTPS (DoH).
>
> Without knowing more that what is in the ITP, nss-tls seems like a counter-
> intuitive name for something that doesn't use TLS, but instead HTTPS.

Indeed, I agree it is counter-intuitive! If I am starting a new project
I would probably call it nss-doh or nss-https.

> Is this really the best name for the package?  Could you explain the
> background behind the name?

The only reason right now is because it's the name used by upstream. I
choose to keep the current name and mention DoH in the description to
help search.

I plan to ask upstream author if they intend to support DoT in the
future then the name makes a little more sense. Otherwise if they can
change the name to nss-https or something else to avoid confusion.

Kanru

> Scott K
>
> Attachments:
> * signature.asc

Reply | Threaded
Open this post in threaded view
|

Re: Bug#958710: ITP: nss-tls -- encrypted glibc name resolving library which uses DNS-over-HTTPS (DoH)

Scott Kitterman-5
On Friday, April 24, 2020 11:54:17 AM EDT Kan-Ru Chen wrote:

> Hi,
>
> On Sat, Apr 25, 2020, at 12:34 AM, Scott Kitterman wrote:
> > On Friday, April 24, 2020 11:11:49 AM EDT Kan-Ru Chen wrote:
> > > * Package name    : nss-tls Description     : encrypted glibc name
> > >
> > >   resolving library which uses DNS-over-HTTPS (DoH)
> > >
> > > nss-tls is an alternative, encrypted name resolving library to use
> > > with glibc, which uses DNS-over-HTTPS (DoH).
> >
> > Without knowing more that what is in the ITP, nss-tls seems like a
> > counter-
> > intuitive name for something that doesn't use TLS, but instead HTTPS.
>
> Indeed, I agree it is counter-intuitive! If I am starting a new project
> I would probably call it nss-doh or nss-https.
>
> > Is this really the best name for the package?  Could you explain the
> > background behind the name?
>
> The only reason right now is because it's the name used by upstream. I
> choose to keep the current name and mention DoH in the description to
> help search.
>
> I plan to ask upstream author if they intend to support DoT in the
> future then the name makes a little more sense. Otherwise if they can
> change the name to nss-https or something else to avoid confusion.
Would it make sense to resolve that with upstream before introducing this to
Debian?  It would save a trip through New and the confusion inherent in
package name instability.

Scott K

signature.asc (849 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Bug#958710: ITP: nss-tls -- encrypted glibc name resolving library which uses DNS-over-HTTPS (DoH)

Florian Weimer
* Scott Kitterman:

> On Friday, April 24, 2020 11:54:17 AM EDT Kan-Ru Chen wrote:
>> Hi,
>>
>> On Sat, Apr 25, 2020, at 12:34 AM, Scott Kitterman wrote:
>> > On Friday, April 24, 2020 11:11:49 AM EDT Kan-Ru Chen wrote:
>> > > * Package name    : nss-tls Description     : encrypted glibc name
>> > >
>> > >   resolving library which uses DNS-over-HTTPS (DoH)
>> > >
>> > > nss-tls is an alternative, encrypted name resolving library to use
>> > > with glibc, which uses DNS-over-HTTPS (DoH).
>> >
>> > Without knowing more that what is in the ITP, nss-tls seems like a
>> > counter-
>> > intuitive name for something that doesn't use TLS, but instead HTTPS.
>>
>> Indeed, I agree it is counter-intuitive! If I am starting a new project
>> I would probably call it nss-doh or nss-https.
>>
>> > Is this really the best name for the package?  Could you explain the
>> > background behind the name?
>>
>> The only reason right now is because it's the name used by upstream. I
>> choose to keep the current name and mention DoH in the description to
>> help search.
>>
>> I plan to ask upstream author if they intend to support DoT in the
>> future then the name makes a little more sense. Otherwise if they can
>> change the name to nss-https or something else to avoid confusion.
>
> Would it make sense to resolve that with upstream before introducing this to
> Debian?  It would save a trip through New and the confusion inherent in
> package name instability.

The NSS mmodule is called “tls”:

| Then, add "tls" to the "hosts" entry in /etc/nsswitch.conf, before
| "dns" or anything else that contains "dns".

Renaming it would be a breaking change.  As long as the module has
this name, “nss-tls” does not seem inappropriate to me (although I
agree that it's not ideal).

Reply | Threaded
Open this post in threaded view
|

Re: Bug#958710: ITP: nss-tls -- encrypted glibc name resolving library which uses DNS-over-HTTPS (DoH)

Adrien CLERC-2

>>> The only reason right now is because it's the name used by upstream. I
>>> choose to keep the current name and mention DoH in the description to
>>> help search.
>>>
>>> I plan to ask upstream author if they intend to support DoT in the
>>> future then the name makes a little more sense. Otherwise if they can
>>> change the name to nss-https or something else to avoid confusion.
>> Would it make sense to resolve that with upstream before introducing this to
>> Debian?  It would save a trip through New and the confusion inherent in
>> package name instability.

Hi,

I opened an issue upstream on
https://github.com/dimkr/nss-tls/issues/55. I hope I am not too enthusiast!

Adrien