Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 30 Mar 2018 15:33:07 -0500
From: William Pitcock <nenolod@...eferenced.org>
To: musl@...ts.openwall.com
Subject: Re: [PATCH] resolver: only exit the search path loop there are
 a positive number of results given

Hello,

On Fri, Mar 30, 2018 at 3:24 PM, Szabolcs Nagy <nsz@...t70.net> wrote:
> * William Pitcock <nenolod@...eferenced.org> [2018-03-30 14:44:44 -0500]:
>> There is a talk in a few weeks at Kubecon (the Kubernetes conference),
>> explicitly titled "Don't Use Alpine If You Care About DNS."  The talk
>> largely centers around how musl's overly strict behaviour makes Alpine
>> a bad choice for "the real world."  I would like to turn this into a
>> story where we can announce that Alpine 3.8 mitigates this problem
>> instead, doing such will be good for both Alpine and the musl
>> ecosystem as a whole, as it is defanging a point of possible FUD.
>
> musl has had a good track record catching bugs in dns
> implementations and in dns setups, i don't think this
> should be mitigated, it's good to know that cloudflare
> has a broken dns server, or that kubernetes had dns
> setup bugs, these are real reliability and performance
> issues affecting all systems not just musl.

We can add a strict option to turn off the mitigation, but Alpine 3.8
will ship with a mitigation regardless.

William

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ