F28 System Wide Change: Deprecate TCP wrappers


 



= Proposed System Wide Change: Deprecate TCP wrappers =
https://fedoraproject.org/wiki/Changes/Deprecate_TCP_wrappers

Change owner(s):
* Jakub Jelen <jjelen AT redhat DOT com >

TCP wrappers is a simple tool to block incoming connections at the
application level. This was very useful 20 years ago, when there were
no firewalls in Linux. This is not the case today, and connection
filtering should be done at the network level or completely in application
scope if it makes sense. After recent discussions I believe it is time
for this package to go, if not completely, then at least as a
dependency of modern daemons in the system by default.

== Detailed Description ==
The last version of tcp_wrappers was released 20 years ago (with later
addition of IPv6 support). At that time, it was a very powerful tool to
"block all traffic", but these days we can do the same thing using
firewalls/iptables/nftables for all traffic at the network level, or
similar filtering exists in most of the applications.

One of the motivating factors for this change was removal of TCP
wrappers support from systemd and openssh in 2014, based on the thread
on fedora devel list [1]. I started another thread during 2017 [2]
which is trying to explain the reasons why we should do that with
other constructive ideas.

Another factor which has driven the deprecation of this package is the
lack of any upstream community around it. Although the threats on
networking communications increase, the threat coverage of this
package has remained the same the last two decades, suggesting that
new threats are now being handled on different components.

[1] https://lists.fedoraproject.org/pipermail/devel/2014-March/196913.html
[2] https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx/thread/2IBVP66BM6HUZVRTFIVURNZUR2XSUMOD/


== Scope ==
* Proposal owners:
Deprecate tcp_wrappers in Fedora, remove dependency on other packages
maintained and notify other maintainers to follow the same procedure.

* Other developers:
Remove dependency of your software on tcp_wrappers

* Release engineering:
https://pagure.io/releng/issues/7029

List of deliverables:
Not affected

Policies and guidelines: If the package is not retired, update
packaging guidelines to NOT RECOMMEND building against tcp_wrappers

Trademark approval: N/A (not needed for this Change)
-- 
Jan Kuřík
Platform & Fedora Program Manager
Red Hat Czech s.r.o., Purkynova 99/71, 612 45 Brno, Czech Republic