Hi, Christopher. Thanks for asking this question. It's a good one. On Saturday, 06 October 2018 at 12:54, Christopher Engelhard wrote: > Hi, > I've recently created a package for SSHGuard [1]. SSHGuard is a program > to block brute-force attacks on SSH and other services, similar to > fail2ban/etc. > > Now, my issue is the following: > > - SSHGuard is completely agnostic with respect to the firewall-backend > it uses and the logs it reads. Accordingly, it ships with an example > config file that does not set either backend or logreader, the user has > to do that themselves. There are, however, commented example lines > configuring iptables + journald. > - Fedora, obviously, by default uses firewalld and journald. > > What is the guideline for packaging software like this: > 1) Leave it as upstream ships it. > - user will have to configure the package before it becomes > functional > - no dependency on any non-essential packages > 2) ship example config file as real config file, with upstream's example > config activated > - package works out-of-the-box > - introduces additional, non-default dependency (iptables) Ship this configuration in a subpackage (sshguard-iptables). Use rich dependencies to have it auto-installed if iptables-services is installed. > 3) ship custom config file preconfigured for Fedora defaults > - package works out-of-the-box > - introduces dependency on default Fedora packages (firewalld) Ship this configuration in a subpackage (sshguard-firewalld). Use rich dependencies to have it auto-installed if firewalld is installed. > Granted, option (2) is rather silly, It's not silly if it's optional. > but is (1) or (3) the correct way to go about configuring the package? (3) is the best option if you want to do as little work as possible but still create a seamless experience for the default case. With a little more work, you can make users of non-default configurations (like myself) happy(-ier). PS. What's wrong with fail2ban? Regards, Dominik -- Fedora https://getfedora.org | RPMFusion http://rpmfusion.org There should be a science of discontent. People need hard times and oppression to develop psychic muscles. -- from "Collected Sayings of Muad'Dib" by the Princess Irulan _______________________________________________ packaging mailing list -- packaging@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to packaging-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/packaging@xxxxxxxxxxxxxxxxxxxxxxx
