Perhaps to better illustrate the matter. Since I am utilizing the unbound resolver, the first thing I do when an update becomes available is head over to their web space (unbound.net), and there is a news section on the right hand, similar to netfilter on their left, but the difference being that clicking |more| on the unbound release news provides instant information about changes, bug fixes and new features. That is something imperative for a user to know in order to utilize the app as best as possible and to adapt to whatever changes, particularly syntax, the new release brings.

Such does not happen with netfilter news - it leads to version number, release date, tarball and gpg signature and that is it, leaving one guessing what changes were made on each version bump. Case in point is the raw payload notion becoming available with version 0.8.3. Where would one find such information?

Imho I would reckon that making such information readily available would help the promotion of NFT with users perhaps yet reticent to make the transition from ipt.

On the other subject about the developer's statement - I am not aware of how he arrived at such a conclusion and I certainly would like to counter it. Is NFT not being frequently security audited/reviewed since being part of the kernel for over 4 years now? That statement is certainly not promoting NFT.

> Hi,
>
> looked at the NFT homepage and its wiki and also ran an inet search
> "nftables version history/list" and came up all but empty. Is there a
> place for the layman to read/access the NFT release history and to see
> what are the changes between the version bumps?
>
> Asking about implementation - recently I had a discussion with a developer
> about their product support for NFT and been told that:
>
> quote
> ...
> we can’t actually make use of nftables until it’s reviewed for security
> and has a LTS commitment from Canonical (is promoted to |main|). Until
> such time, .. and ... cannot depend or recommend it at the packaging
> level, even if we did add support for it in the upstream code.
>
> unquote
>
> I found this rather astonishing considering that NFT is said to be
> available upstream since Linux kernel 3.13 (JAN 19 2014) and it
> certainly confuses me about NFT security and LTS commitment.
>