On Apr 23 08:34, Alex Bligh wrote: > > On 22 Apr 2014, at 23:31, James Cloos wrote: > > >>>>>> "DM" == Damien Miller <djm@xxxxxxxxxxx> writes: > > > > DM> This is an early warning: OpenSSH will drop tcpwrappers in the next > > DM> release. > > > > This will need a wider announcement. Most auto-block solutions I've > > looked at add entries to hosts.allow. > > +1. Denyhosts suddenly stopping working is not a great plan. Indeed. The problem here is not that no replacement methods exist (though I'm not so sure how to do that on Windows, I admit), the problem is that you're leaving users hanging in the rain. Assuming you're updating your Linux distro. You're using tcp_wrappers in conjunction with OpenSSH for years. The distro update comes with OpenSSH 6.7, now without tcp_wrappers support. But the OpenSSH update is just one updated package of several hundreds or thousands. How many users will not even get the information that their tcp_wrappers installation doesn't work anymore? tcp_wrappers might be an old concept, but simply pulling the plug and removing the few lines required to support it seems a bit heavy-handed considering what effect this may have. Corinna -- Corinna Vinschen Cygwin Maintainer Red Hat
Attachment:
pgp5R6VTpWR9t.pgp
Description: PGP signature
_______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev