On 22 maj 2013, at 15:07, Fredrik Pettai <[email protected]> wrote:

> One thing that struck me while having a discussion about different formats, 
> is why OpenDNSSEC has its configuration files in the XML format? I 
> understood that (at least one of) the design idea(s) behind it, was that 
> other provision systems that use OpenDNSSEC as a backend should be able to 
> generate/rewrite configuration to OpenDNSSEC. Is that a reality today, or was 
> it just a pipe dream? :-)

Yes, there are systems today that generate XML for OpenDNSSEC. XML is also 
used for enforcer/signer interaction, and using the same syntax for all files 
made sense. We could have used JSON, but then syntax checking would have been 
less strict.

> As an OpenDNSSEC user, the configuration is unnecessarily filled with (too) 
> much information, making it less readable. As a package maintainer, having to 
> depend on libxml2 is not something that is positive, due to all security 
> vulnerabilities that come with libxml2.

No XML files that OpenDNSSEC uses should be writable by non-admins, so any 
security issues with libxml2 are, IMHO, moot in this context.

> I do understand that it would take time that could be spent on other things 
> to rewrite this, and I wouldn't suggest that this should be on the roadmap 
> for OpenDNSSEC 1.x. But maybe OpenDNSSEC 2.x could add support for less 
> complicated configuration syntax?

Changing the configuration file format is not on the roadmap for 2.0, but we 
will look into this for future releases.


Not starting the my-favorite-config-file-format war, but what would you 
recommend us to look at in the future?


        jakob

_______________________________________________
Opendnssec-user mailing list
[email protected]
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
