On Wed, Jun 20, 2018 at 12:50:32AM +0200, ????????????? wrote:
> Perhaps to better illustrate the matter. Since I am utilizing unbound resolver, the first thing I do when an update becomes available is head over to their web space (unbound.net), and there is a news section on the right hand, similar to netfilter on their left, but the difference being that clicking |more| on the unbound release news provides instant information about changes, bug fixes and new features. That is something imperative for a user to know in order to utilize the app as best as possible and to adapt to whatever changes, particularly syntax, the new release brings.
>
> Such does not happen with netfilter news - it leads to version number, release date, tarball and gpg signature and that is it, leaving one guessing what changes were made on each version bump. Case in point is the raw payload notion becoming available with version 0.8.3. Where would one find such information?
>
> Imho I would reckon that making such information readily available would help the promotion of NFT with users perhaps yet reticent to make the transition from ipt.
>
> On the other subject about the developer's statement - I am not aware of how he arrived at such a conclusion and I certainly would like to counter it. Is NFT not being frequently security audited/reviewed since being part of the kernel for over 4 years now? That statement is certainly not promoting NFT.
>
> > Hi,
> >
> > Looked at the NFT homepage and its wiki and also ran an inet search "nftables version history/list" and came up all but empty. Is there a place for the layman to read/access the NFT release history and to see what the changes are between the version bumps?
> >
> > Asking about implementation - recently I had a discussion with a developer about their product support for NFT and was told that:
> >
> > quote
> > ... we can't actually make use of nftables until it's reviewed for security and has a LTS commitment from Canonical (is promoted to |main|). Until such time, .. and ... cannot depend or recommend it at the packaging level, even if we did add support for it in the upstream code.
> > unquote
> >
> > I found this rather astonishing considering that NFT is said to be available upstream since Linux kernel 3.13 (JAN 19 2014) and it certainly confuses me about NFT security and LTS commitment.

Also you can clone the git repository and peruse the git log. That may be more detail than you want though.

Cheers ... Duncan.

-- 
To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
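As an added example (not part of Duncan's reply or of the nftables project), here is a small POSIX shell helper for the "peruse the git log" approach: it lists the release tags in a clone, prints the commit subjects between two tags (the changelog for one version bump), and searches the log for a keyword such as the raw payload change mentioned in the thread, reporting the first tag that contains each hit. The clone URL for the nftables repository at git.netfilter.org and the tag naming scheme (v0.8.2, v0.8.3) are assumptions.

```shell
#!/bin/sh
# Added example: inspect what changed between nftables releases via the git log.
# Assumes a local clone, e.g.:  git clone git://git.netfilter.org/nftables
# Tag names such as v0.8.3 are an assumption about the project's tagging scheme.

# list_releases REPO
#   Print the repository's tags in version order (oldest first).
list_releases() {
    git -C "$1" tag --sort=version:refname
}

# release_changes REPO FROM_TAG TO_TAG
#   Print one line per commit reachable from TO_TAG but not from FROM_TAG,
#   i.e. the changelog for a single version bump.
release_changes() {
    git -C "$1" log --oneline --no-decorate "$2..$3"
}

# find_change REPO PATTERN
#   Search commit messages for PATTERN (e.g. "raw payload") and, for each
#   match, show the subject, the hash and the first tag containing it.
find_change() {
    repo=$1; pattern=$2
    git -C "$repo" log --format=%H --grep="$pattern" | while read -r sha; do
        # 'git describe --contains' names the earliest tag reachable *after*
        # the commit (e.g. v0.8.3~1); strip the ~N/^N suffix to get the tag.
        tag=$(git -C "$repo" describe --contains "$sha" 2>/dev/null | sed 's/[~^].*//')
        subject=$(git -C "$repo" log -1 --format=%s "$sha")
        printf '%s  %s  (first in: %s)\n' "$subject" "$sha" "${tag:-unreleased}"
    done
}

# Usage against a real clone (uncomment after cloning):
# list_releases ./nftables
# release_changes ./nftables v0.8.2 v0.8.3
# find_change ./nftables 'raw payload'
```

The functions only read the repository, so they are safe to run against any clone; pointing them at a checked-out tag rather than a tarball also gives you the commit history behind each change, which is the detail a release-news page would normally summarise.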