On 08/16/2017 11:37 AM, Michal Sekletar wrote: > On Tue, Aug 15, 2017 at 1:58 PM, Jakub Jelen <jjelen@xxxxxxxxxx> wrote: > >> >> So can we discuss it now once more without the affiliation to systemd? >> The fact is that we still do not have any other replacement except >> firewalls. But do we need one? >> > > IIRC, in the past discussion there was quite a lot of people arguing > that we actually need one. I personally don't think we as a > distribution need a drop-in replacement. However, what we possibly > need, is a migration path for already deployed systems using > tcp_wrappers. Just dropping tcp_wrappers and potentially leaving > deployed services completely open would very irresponsible. > > Also we should consider an impact this change will have on our > downstreams focusing on enterprise use-cases (CentOS, RHEL). I recon > that "splash damage" potentially caused by this change will be bigger > there than in Fedora itself. On the other hand shipping downstream openssh patch adding this support when there is already similar functionality present in upstream via the Match directive in sshd_config is something I would definitely not vote for. Tomas _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
