Hello, folks. While udns has no entered etch or lenny, we should reconsider that situation in the case of squeeze. Some software in Debian depends or may be improved while depending on udns. libapache2-mod-defensible, for example, was rebuilt without udns for the lenny release. Now, jabberd2 depends on udns and can only go into a stable release if udns goes too or udns stops being used by it.
Although Michael didn't think it was ready for release some three years ago and not a lot has changed in the library since then, it has being used by these software in response to its usefulness and quality. I don't know if Michael has reconsidered, but I'd like to know his opinion as of now. Regarding the security issue, which Michael has already answered about in his comments in the source code even before people have published their exploit results and many servers had their code changed to make them safer, I don't think udns requires any change. It's a stub resolver and many other stub resolvers have not changed anything in response to the announcement of the increased possibility of an attack. And stub resolvers should use secure servers in a secure environment/network. I think we could release some notes in README.Debian regarding this and close this bug altogether and let udns move into squeeze and keep it there for the release, allowing other packages to follow, including jabberd2. Regards, Cascardo.
signature.asc
Description: Digital signature