Bug#845078: [pkg-gnupg-maint] Bug#845078: Links against libadns1 with limited security support

2016-11-21 Thread Werner Koch 
On Sun, 20 Nov 2016 10:03, a...@sigxcpu.org said:

> libadns1 has limited security support in Debian so I wonder if this is a
> good choice for dirmngr. Please consider using another resolver by

Due to the unresponsive ADNS upstream maintainer, we are evaluating
other options than ADNS.  We have two reasons to use our own resolver:

 - Avoids the use of the Windows API.  However, that can be changed with
   some effort.

 - To enable TOR based DNS.  That currently works only on Windows
   because there we can and need to use a patch version of ADNS :-(.

We actually don't make use of the async features of ADNS.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


pgpG_wuNq_F3E.pgp
Description: PGP signature

Bug#845078: Links against libadns1 with limited security support

2016-11-20 Thread Guido Günther 
Package: dirmngr
Version: 2.1.15-9
Severity: wishlist

Hi Daniel,
libadns1 has limited security support in Debian so I wonder if this is a
good choice for dirmngr. Please consider using another resolver by
default.

$ grep adns /usr/share/debian-security-support/security-support-limited 
adnsStub resolver that should only be used with trusted recursors

Thanks a lot for maintaining gnupg in Debian.
Cheers,
 -- Guido

-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'stable-updates'), (500, 'unstable'), 
(500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.7.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages dirmngr depends on:
ii  adduser3.115
ii  libadns1   1.5.0~rc1-1
ii  libassuan0 2.4.3-1
ii  libc6  2.24-5
ii  libgcrypt201.7.3-2
ii  libgnutls303.5.6-6
ii  libgpg-error0  1.24-1
ii  libksba8   1.3.5-2
ii  libldap-2.4-2  2.4.42+dfsg-2+b3
ii  libnpth0   1.2-3
ii  lsb-base   9.20161016

Versions of packages dirmngr recommends:
ii  gnupg  2.1.15-9

Versions of packages dirmngr suggests:
ii  tor  0.2.8.9-1

-- no debconf information