On Thu, Mar 20, 2014 at 08:06:26PM +0100, Florian Weimer wrote: > I believe DenyHosts is unmaintained as well: fail2ban is maintained, does basically the same thing, can use iptables and optionally firewalld, and can watch the systemd journal. Maybe that could go in the release notes. I think in general that part of the reason tcp_wrappers has rotted is that interfaces to packet filtering tools have gotten better and easier over the past two decades. I'm basically in favor of this, with a big star put by Stephen Smoogen's concern about enterprise defense-in-depth policies. But just so no one is surprised if I say this later, unless there is overwhelming feedback that it's time for it to go now, I think it's reasonable to declare it deprecated for F21, with release notes, warnings in hosts.allow and hosts.deny, updates in the documentation (which current recommends using both in conjunction) http://docs.fedoraproject.org/en-US/Fedora/19/html/Security_Guide/sect-Security_Guide-Server_Security.html#sect-Security_Guide-Server_Security-Securing_Services_With_TCP_Wrappers_and_xinetd and so on. Then if that goes smoothly and gets positive (or, zero) user feedback, we can remove it for F22. -- Matthew Miller -- Fedora Project -- <mattdm@xxxxxxxxxxxxxxxxx> -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
