Re: Maybe it's time to get rid of tcpwrappers/tcpd?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 03/20/2014 01:55 PM, Hans de Goede wrote:
> Hi,
> 
> On 03/20/2014 07:45 PM, Lennart Poettering wrote:
>> On Thu, 20.03.14 14:31, Martin Langhoff
>> (martin.langhoff@xxxxxxxxx) wrote:
>> 
>>> On Thu, Mar 20, 2014 at 1:34 PM, Lennart Poettering
>>> <mzerqung@xxxxxxxxxxx>wrote:
>>> 
>>>> I wonder whether it wouldn't be time to say goodbye to
>>>> tcpwrappers in Fedora. There has been a request in systemd
>>>> upstream to disable support
>>>> 
>>> 
>>> As Stephen points out, they are used. Does systemd+xinetd match
>>> their functionality?
>> 
>> No. systemd is not a firewall. It currently supports libwrap
>> checks for socket activated services. And I'd really like to get
>> rid of that...
>> 
>> I have no doubt that some people use them, however I am also
>> pretty sure that they are massively awful, and not worth the
>> trouble, and that I'd prefer not to see this crap in the default
>> install. However, since the library is currently hooked into a
>> lot of services (starting with systemd itself) I currently cannot
>> do "rpm -e".
>> 
>> I mean, I really don't mind that tcpd/tcpwrap stays in the
>> archives, if people want to make use of that. I am simply
>> proposing to not link agains them anymore for everything that is
>> in the default system.
> 
> So as an innocent bystander who happens to be reading along this
> thread, I see 2 sides to the story here:
> 
> Lennart says: 1) It is horrible code 2) It really really is
> horrible horrible code 3) And there are other ways to achieve the
> same goal, so lets kill it
> 
> Others say: 1) There may be other ways but non so easily central
> managed with with a unified syntax for all services
> 
> The argument which the others are making actually sounds a lot
> like a lot of the arguments in favor of systemd (wrt standardizing,
> etc.).
> 
> And I'm getting the feeling that Lennart is not as much opposed to
> the functionality of tcp-wrappers, as that he *really* hates the
> code.
> 
> So maybe a solution would be to write a libwrap2 instead ?
> 
> So offer something with equivalent functionality (and config file 
> syntax compatibility), with a nice modern clean API and then
> systemd and others can be moved over to that 1 by 1, and once we've
> no more users left we can kill of the old beast ?
> 
> Note I've nothing to do with anything in this discussion, but I 
> just noticed a certain trend in it and I hope the above may lead to
> a more fruitful discussion.
> 
> Regards,
> 
> Hans
> 

Hans,
Now that is just too entirely rational ;).

This sounds like a wonderful solution, but someone has to be willing
to write the thing.

- -Erinn

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBAgAGBQJTK0hrAAoJEFg7BmJL2iPOsnwH/0q5Kf7GvOMKaAemk9y/mYmE
nsB0QHt8nVhWTOd+T4O726loBZlE5pEzhdFTseIROYsmrSsKaKl7DR44CuVSOyXp
q0+TDkT17YxpbrM1OqZWFVW3osbvQo2dohgwaCovviOOiKKHprSC/teTRJ3eKjZI
B1Ymw6PnxzAdyNkrisWqgSpTCCTKvqCLDqLXVRLpC8K/3rj5IY7h8CPg2Ny3ORZI
vL6bP4cAfvdS3wmKeSSIPzvRroPORSWTVJ3IOkvX3NBuWweaIh5nxqP1kiLbkx5G
a8akc48Lhq1DKD0L7aAOHzPb4gtBDw6YnkJu6soCBA0eguRUhyMSMMwrcZBqkoI=
=k0nE
-----END PGP SIGNATURE-----
-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct





[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux