I am an end user who is very unhappy about the removal of this option. I didn't even know dropping tcp_wrappers was under consideration; had I known that I would have spoken up with my vote against removing support. The annoucement suggests that a major reason for dropping support is that it is "confusing" to end users. An easy solution to that is to make a default hosts.allow file that says "ALL : ALL : ALLOW" out of the box. Then those of use wanting to simply restrict access (useful in many scenarios) can change that default as needed. IMO for users who want to use this feature, the burden is on the end user to find which services support tcp wrappers and which don't. A default "allow" policy makes this simple. Surely I'm not the only tcp wrappers user out there. I will sorely miss this option and strongly wish it to remain.