Re: Maybe it's time to get rid of tcpwrappers/tcpd?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,

On 03/20/2014 07:45 PM, Lennart Poettering wrote:
> On Thu, 20.03.14 14:31, Martin Langhoff (martin.langhoff@xxxxxxxxx) wrote:
> 
>> On Thu, Mar 20, 2014 at 1:34 PM, Lennart Poettering <mzerqung@xxxxxxxxxxx>wrote:
>>
>>> I wonder whether it wouldn't be time to say goodbye to tcpwrappers in
>>> Fedora. There has been a request in systemd upstream to disable support
>>>
>>
>> As Stephen points out, they are used. Does systemd+xinetd match their
>> functionality?
> 
> No. systemd is not a firewall. It currently supports libwrap checks for
> socket activated services. And I'd really like to get rid of that...
> 
> I have no doubt that some people use them, however I am also pretty sure
> that they are massively awful, and not worth the trouble, and that I'd
> prefer not to see this crap in the default install. However, since the
> library is currently hooked into a lot of services (starting with
> systemd itself) I currently cannot do "rpm -e".
> 
> I mean, I really don't mind that tcpd/tcpwrap stays in the archives, if
> people want to make use of that. I am simply proposing to not link
> agains them anymore for everything that is in the default system.

So as an innocent bystander who happens to be reading along this thread,
I see 2 sides to the story here:

Lennart says:
1) It is horrible code
2) It really really is horrible horrible code
3) And there are other ways to achieve the same goal, so lets kill it

Others say:
1) There may be other ways but non so easily central managed with with
a unified syntax for all services

The argument which the others are making actually sounds a lot like
a lot of the arguments in favor of systemd (wrt standardizing, etc.).

And I'm getting the feeling that Lennart is not as much opposed to the
functionality of tcp-wrappers, as that he *really* hates the code.

So maybe a solution would be to write a libwrap2 instead ?

So offer something with equivalent functionality (and config file
syntax compatibility), with a nice modern clean API and then systemd
and others can be moved over to that 1 by 1, and once we've no more
users left we can kill of the old beast ?

Note I've nothing to do with anything in this discussion, but I
just noticed a certain trend in it and I hope the above may lead
to a more fruitful discussion.

Regards,

Hans
-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct





[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux