Lucas Manuel Rodriguez
Here's the original PR/commit that added the `--tls_dump` feature: https://github.com/osquery/osquery/commit/95c4d733cc2590e96538e7a9c8dea13a3b5f565b. IMO it might make more sense to print to `stderr` as it is printed with the rest of the logging...
> I probably have a slight bias towards VLOG? But can be convinced otherwise. Just realized during some dummy tests that the use of `VLOG` in `tls.cpp` is not a...
> I'd probably still bias to stderr but can be persuaded. Done.
Duplicate of #7539?
Hi folks. Fleet currently makes use of "distributed discovery queries" for avoiding the "no such table" errors with some extension tables, see [here](https://github.com/fleetdm/fleet/blob/15de4f3e65883abbb08ead57102e40f2fcac809c/server/service/osquery_utils/queries.go#L360-L363). At the time, we decided to use...
> I think there are maybe two points to discuss. The first is whether or not we should keep distributed discovery queries so dramatically different than scheduled queries. And the...
> In this scenario, do we end up in the situation where query A is executed 3 times before osquery replies to the server with results for A and failures...
Thanks for the context! It really helps understand the big picture. > The change proposed here would not change anything in those cases, but would then create a new case...
1. Once a distributed query is deny-listed (even if the server continues to send it) it gives the chance to other queries to run and send results. Currently all results...
> Er, I mean... How does the TLS server know? How is this connected to the status? Ah, see the following line in the proposed [diff](https://github.com/osquery/osquery/compare/master...lucasmrod:add-denylist-mechanism-to-dist-queries?expand=1#diff-5f6f33f1c716a9fc0215321a7506007f98d2a7fd19b6f85da25a1b495ea5c543R151). Let me know if...