From 20fb7452c04221608be1359cc100387db3e36356 Mon Sep 17 00:00:00 2001
From: Florian Weimer <fweimer@redhat.com>
Date: Fri, 24 Jul 2020 16:46:23 +0200
Subject: [PATCH] NEWS: Deprecate nss_hesiod

Storing user databases in DNS, without client-side DNSSEC validation,
is problematic from a security point of view.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
---
 NEWS | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/NEWS b/NEWS
index 1ef4a0a7a4..83aed60e19 100644
--- a/NEWS
+++ b/NEWS
@@ -147,6 +147,11 @@ Deprecated and removed features, and other changes affecting compatibility:
   applications which use the malloc hooks must preload a special shared
   object, to enable the hooks.
 
+* The hesiod NSS module has been deprecated and will be removed in a
+  future version of glibc.  System administrators are encouraged to
+  switch to other approaches for networked account databases, such as
+  LDAP.
+
 Changes to build and runtime requirements:
 
 * powerpc64le requires GCC 7.4 or newer.  This is required for supporting