Re: tcp_wrappers deprecation

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> On Tue, 2017-08-15 at 13:58 +0200, Jakub Jelen wrote:
>> Hello Fedora devels and users,
>>
>> more than three years ago, the same topic started discussion if we
>> want
>> this package in Fedora or not and how [1]. The discussion resulted
>> mostly in flames and in the removal of the dependency on tcp_wrappers
>> from systemd. But it was quite agreed that it is considered as a
>> security layer for some users, if they use it correctly, or something
>> that is or should be replaced by firewalls.
>>
>> So can we discuss it now once more without the affiliation to
>> systemd?
>> The fact is that we still do not have any other replacement except
>> firewalls. But do we need one?
>>
>> The complete removal of the package is probably not a wise step, even
>> though we can not find tcp_wrappers in recent SuSE anymore [2]. It is
>> still available in Arch [3] without other tools depending on it. To
>> be
>> fair, Debian [4] is still building tools (for example openssh) with a
>> build-time support for it.
>>
>> My primary concern is OpenSSH, which upstream dropped support for
>> tcp_wrappers three years ago (late 2014) [5] and since then we are
>> maintaining one more downstream patch. But this effort should be
>> coordinated among other components to simplify the transition for
>> users
>> who insist on using it (using tcpd).
>>
>> Removing the dependency will also allow us to trim the default
>> install for few more Kb.
>>
>> If there will be no significant drawbacks, I will progress with
>> filling
>> a system wide change for Fedora 28 and I will pull the maintainers of
>> other tolls using libwrap into the round and discussion.
>
> Hello,
> In Fedora 26, there is over 50 packages using tcp_wrappers as a build-
> time dependency:
>
>
> Since I'm listed twice in there...
>
> With my packages and the situation with build time options I take the
> position of enable as much as possible since our users don't get to pick
> their compilation options.
>
> However tcp_wrappers is a legacy thing that no longer belongs in today's
> world.
>
> I have no objection to a flag day in F28 development and dropping the build
> option at some point, preferably before the thing that is no longer an alpha
> ;) ... ie way before beta.

With F-27 now branched off this can happen in F-28/rawhide now
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux