On Thu, Mar 20, 2014 at 4:05 PM, Matthew Miller <mattdm@xxxxxxxxxx> wrote:
> On Thu, Mar 20, 2014 at 12:55:56PM -0700, Keith Keller wrote:
> > > What do you think? Do you rely on hosts.allow/hosts.deny a primary
> security
> > > mechanism? As defense-in-depth? Do you have policies which mandate it?
>
> I currently use it in conjunction with denyhosts, but have been
> > considering moving to something like sshguard with iptables instead. If
> > hosts.deny support disappeared then I would simply go that route when
> > necessary.
> > May I ask what the reason is for considering dropping tcp wrappers
> > support?
>
> I think the main reasons are: upstream library isn't actually maintained
> since June 2001. The API is somewhat ugly and crufty. Possibly also one
> more
> place to check, making systems administration harder.
>
>
> --
> Matthew Miller mattdm@xxxxxxxxxx <http://mattdm.org/>
>
>
The reasoning here seems to ignore one of the main tenets of open source --
people contribute with the purpose of scratching their own itch. If there
is such a time when tcp wrappers stops working due to bug or other changes,
it's going to break a LOT of stuff. At that point, many people will have a
huge itch to scratch, and there will be a spontaneous coalescense of
support and code from the people who need it.
Why does there need to be a dedicated maintainer for something to be
included/useful? That seems like a bureaucratic requirement that doesn't
take into account the nature of open source. The project (tcp wrappers)
exists as its own entity and will have a maintainer at the time when it
needs one.
The only improvement that could be made is figuring out where a canonical
code repository should exist for it.
Where is this discussion taking place in the Fedora community?
❧ Brian Mathis
P.S. Is this somehow related to your Next proposal and trying to make
Fedora "exciting"?
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
