Hello Fedora devels and users, more than three years ago, the same topic started discussion if we want this package in Fedora or not and how [1]. The discussion resulted mostly in flames and in the removal of the dependency on tcp_wrappers from systemd. But it was quite agreed that it is considered as a security layer for some users, if they use it correctly, or something that is or should be replaced by firewalls. So can we discuss it now once more without the affiliation to systemd? The fact is that we still do not have any other replacement except firewalls. But do we need one? The complete removal of the package is probably not a wise step, even though we can not find tcp_wrappers in recent SuSE anymore [2]. It is still available in Arch [3] without other tools depending on it. To be fair, Debian [4] is still building tools (for example openssh) with a build-time support for it. My primary concern is OpenSSH, which upstream dropped support for tcp_wrappers three years ago (late 2014) [5] and since then we are maintaining one more downstream patch. But this effort should be coordinated among other components to simplify the transition for users who insist on using it (using tcpd). Removing the dependency will also allow us to trim the default install for few more Kb. If there will be no significant drawbacks, I will progress with filling a system wide change for Fedora 28 and I will pull the maintainers of other tolls using libwrap into the round and discussion. [1] https://lists.fedoraproject.org/pipermail/devel/2014-March/196913.h tml [2] https://www.rpmfind.net/linux/rpm2html/search.php?query=tcpd&submit =Search+...&system=&arch= [3] https://www.archlinux.org/packages/community/x86_64/tcp-wrappers/ [4] https://packages.debian.org/sid/openssh-server [5] http://www.openssh.com/txt/release-6.7 Thank you for comments and constructive ideas. Regards, -- Jakub Jelen Software Engineer Security Technologies Red Hat, Inc. _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
