On Thu, 2019-11-07 at 21:25 +0100, Nicolas Mailhot via devel wrote: > Le jeudi 07 novembre 2019 à 18:32 +0100, Sheogorath via devel a écrit > : > > The talk is right on many points, but I think it dismisses the most > > essential point DoH does right: DNS is a decision of the device > > owner. > > And the owner should be able to delegate this decision to the network > manager. > Then let's talk on how we properly implement this delegation process instead of asking ourselves whenever we want DoH or DoT or not. Let's find a DHCP/RA option that indicates a DoT or DoH service is available or something similar. Simply stating "encrypted DNS is pointless" is nothing I consider a valid solution. > Suggesting static config is good enough outside the enterprise is a > joke. Count the number of networked things in the modern home, it > grows > every years. A lot of those roam, either because they are designed to > roam (smartphones) or because people vacation, because they like to > share their stuff with friends and families, because they like to > show > of. A lot of those are cheap-ass gadgets that will revert (reset) to > factory settings at the slightest problem (sometimes, just because > the > battery is dead, the juice was cut, and settings are kept in memory). > And how are those devices related to Fedora? I mean, our goal here should be to do things right or at least better. When we take those IoT devices as our standards, then we can throw away SELinux, run stone-age kernels and we can also ignore the existence of updates for our systems. We are Fedora, we want to lead tech towards a better standards, not stay around in the status quo where everyone else already is. > Ansible or puppet are not designed to solve such generic situations. > > Network management is no longer an enterprise-only concern. > > Treating it as a sysadmin problem does not work. > > The network happened. And not only internet side. > I really hope for more IPv6 to happen (properly), so pretty much everything becomes the internet. It makes so many things a lot easier and a lot less security through obscurity. -- Signed Sheogorath OpenPGP: https://shivering-isles.com/openpgp/0xFCB98C2A3EC6F601.txt
Attachment:
signature.asc
Description: This is a digitally signed message part
_______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
