On 8 October 2012 13:24, Jordon Bedwell <jor...@envygeeks.com> wrote: > On Sun, Oct 7, 2012 at 10:47 PM, Daniel J Blueman <dan...@quora.org> wrote: >> Can you elaborate the specific reasons/mechanisms why without per-user >> caching, dnsmasq is still a security weakness? At least these views >> should be shared upstream so we can work on resolving the issues. > > It's a subjective security issue IMO. Pretty flawed in some cases, in > others it sounds like the guy who only pokes the bear while it's in > the cage and if the cage is nowhere to be found then it's game over, > won't even go near it. What I am saying is for the average user it's > a case of why are you letting them on your PC at all if you do not > have a single ounce of trust and absolutely need per-user caching > because you fear they will attempt to poison you. For other > environments it's another situation but those environments are the > rule apparently and not the exception... even though they are the > minority IMO.
Subjective of not, there was a list of reasons which will added up to "let's disable it"; I really think we should get this list (particularly since upstream and other distros allow the caching) and reevaluate. It's too late for the release, sure. Anyone? Daniel -- Daniel J Blueman -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
