Re: Fedora 34 Change proposal: Remove and deprecate nscd in favour of sssd and systemd-resolved (Self-Contained Change)

No, no, NO again.

nscd has no important active bugs in Fedora. I am not sure what bugs are
mentioned, but just a few active bugs are on the glibc component in Fedora.
Therefore it seems just fine; no commits are good.

Just unlike systemd-resolved, which actively breaks some use cases. It
changes the resolution order of the search directive in resolv.conf, breaks
DNSSEC, breaks one-label name resolution. It is famous among the DNS
community [1].

There is no controversy with nscd, it just caches names and nothing
more. I think this is its advantage. Unless there is any stronger
reason, I am against this change in advance.

If serious bugs are in NSCD, please file bugs on the component.

Instead, I request again, split systemd-resolved into a subpackage. I want
it removed on my system and so do more people. Also, when I disable it,
I have to fix /etc/resolv.conf by hand. I would think NetworkManager
restart would refresh classic /etc/resolv.conf, like in F32.

I don't see any advantage in having systemd-resolved in a container. I
suggest removing systemd-resolved from the minimal installation instead. I
don't think nscd is mandatory there either.

There has been no change in bug #1879028, which received an exception for
F33. I would hope there would be work in progress on some upstream
branch, but I doubt it. Until systemd upstream fixes all relevant bugs,
please avoid its tighter integration into the system.

Thank you.

1. https://lists.dns-oarc.net/pipermail/dns-operations/2020-November/020651.html
2. https://bugzilla.redhat.com/show_bug.cgi?id=1879028


On 11/4/20 7:13 PM, Ben Cotton wrote:
> https://fedoraproject.org/wiki/Changes/RemoveNSCD
> 
> == Summary ==
> This proposal intends to replace the ''nscd'' cache for named services
> with ''systemd-resolved'' for the `hosts` database and the ''sssd''
> daemon for everything else.
> 
> == Owner ==
> * Name: [[User:submachine| Arjun Shankar]]
> * Email: arjun@xxxxxxxxxx
> 
> == Detailed Description ==
> 
> ''nscd'' is a daemon that provides caching for accesses of the
> `passwd`, `group`, `hosts`, `services`, and `netgroup` databases
> through standard libc interfaces (such as `getpwnam`, `getpwuid`,
> `getgrnam`, `getgrgid`, `gethostbyname`, etc.). This proposal intends
> to replace ''nscd'' in Fedora with ''systemd-resolved'' for the
> `hosts` database and the ''sssd'' daemon for everything else.
> Accordingly, the `nscd` sub-package of glibc will be removed and
> obsoleted.
> 
> == Benefit to Fedora ==
> 
> While still maintained within the glibc source tree, ''nscd'' has
> received less than forty commits in the past three years and has
> gathered significant technical debt, and has bugs which are hard to
> fix.  There are concurrency bugs in the shared mappings, cache
> unification (IPv4 vs. IPv6 vs. AF_UNSPEC) issues, and more which would
> require significant investment to fix in nscd.  Such an investment
> seems like duplicate effort among our communities given the quality
> and state of ''sssd'', and ''systemd-resolved'' which is already
> proposed to be enabled by default from [[Changes/systemd-resolved |
> Fedora 33 onwards]].
> 
> At a high level, sssd and systemd-resolved together provide a caching
> solution that has feature parity with nscd, with systemd-resolved
> covering the hosts cache and sssd the rest. The removal of nscd from
> Fedora will:
> * move the user base over to a more modern solution for named services
> caching, and
> * reduce maintenance work on the Fedora glibc package and the
> duplication of effort on nscd upstream.
> 
> 
> == Scope ==
> * Proposal owners:
> The volume of work required is minimal, with the only change being the
> removal and obsolescence of the nscd sub-package offered by glibc
> which can be achieved by minor changes to the spec file. Since nscd is
> not installed by default, the effect on the distribution is minimal.
> Users who have installed nscd in an earlier release of Fedora will
> need to install and configure sssd instead.
> 
> * Other developers: `nss-pam-ldapd` has a weak dependency on nscd that
> will need to be removed. `libuser` has a build dependency on nscd that
> will also need to be removed.
> 
> * Release engineering:
> This change does not require coordination with or have impact on
> release engineering and does not require a mass rebuild.
> 
> * Policies and guidelines: N/A (not a System Wide Change)
> * Trademark approval: N/A (not needed for this Change)
> * Alignment with Objectives: Yes, this proposal aligns with the
> [https://docs.fedoraproject.org/en-US/project/objectives current
> objective] of "Fedora Minimization".
> 
> == Upgrade/compatibility impact ==
> N/A (not a System Wide Change)
> 
> == User Experience ==
> * Most users will be unaffected by this change because nscd is not
> installed by default. It is usually used on systems configured with
> LDAP, where nscd provides caching of remote queries.
> * On a system using nscd that is updated to Fedora 34 from a previous
> version, the system administrator will need to install and configure
> sssd to replace it after the update. Even when this is not done, the
> only visible effect will be slower resolution of named service queries
> due to a missing cache.
> * Users on a system running sssd and systemd-resolved instead of nscd
> shouldn't see any noticeable difference in system behaviour or latency
> in resolving named services.
> 
> == Dependencies ==
> * `nss-pam-ldapd` has a weak dependency on nscd that will need to be removed.
> * `libuser` has a build dependency on nscd that will also need to be removed.
> 
> Both changes are minimal, requiring a removal of the dependency in the
> spec file, and a rebuild.
> 
> == Contingency Plan ==
> * Contingency mechanism: Revert changes to glibc spec file and
> continue to ship nscd. Revert changes to libuser and nss-pam-ldapd
> packages; this will need to be done by the respective package
> maintainers.
> * Contingency deadline: Fedora 34 Beta Freeze
> * Blocks release? N/A (not a System Wide Change)
> * Blocks product? None
> 
> == Documentation ==
> N/A (not a System Wide Change)
> 

-- 
Petr Menšík
Software Engineer
Red Hat, http://www.redhat.com/
email: pemensik@xxxxxxxxxx
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB
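
Added example, not part of the original message or of the Fedora proposal: a check of which of the five databases the proposal lists as nscd-cached (`passwd`, `group`, `hosts`, `services`, `netgroup`) would have no replacement module in their NSS lookup chain once nscd is removed. It assumes the NSS module names `sss` (sssd) and `resolve` (systemd-resolved); the function names and the sample `nsswitch.conf` are constructed for illustration.

```python
import re

# Databases the proposal lists as cached by nscd, mapped to the NSS module of
# the daemon proposed to take over each one (assumed names: sss, resolve).
REPLACEMENT = {"passwd": "sss", "group": "sss", "services": "sss",
               "netgroup": "sss", "hosts": "resolve"}

# Constructed sample, not taken from any real host.
SAMPLE_NSSWITCH = """\
# /etc/nsswitch.conf (constructed)
passwd:     files sss systemd
group:      files sss systemd
hosts:      files myhostname dns    # resolve removed by the admin
services:   files
netgroup:   sss [NOTFOUND=return] files
"""

def parse_nsswitch(text):
    """Return {database: [sources]}, dropping comments and [STATUS=action] items."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        database, sources = line.split(":", 1)
        sources = re.sub(r"\[[^\]]*\]", " ", sources)
        table[database.strip()] = sources.split()
    return table

def uncached_after_nscd_removal(text):
    """List nscd-cached databases whose lookup chain lacks the replacement module."""
    table = parse_nsswitch(text)
    return sorted(db for db, module in REPLACEMENT.items()
                  if module not in table.get(db, []))

if __name__ == "__main__":
    for db in uncached_after_nscd_removal(SAMPLE_NSSWITCH):
        print(f"{db}: no {REPLACEMENT[db]} in lookup chain")
```

The check only inspects the lookup chain; whether the daemon behind a listed module is running and has caching enabled is a separate question.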