Re: heads up: tcpwrappers support going away

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On 4/23/2014 1:54 AM, Corinna Vinschen wrote:
Assuming you're updating your Linux distro.  You're using tcp_wrappers
in conjunction with OpenSSH for years.  The distro update comes with
OpenSSH 6.7, now without tcp_wrappers support.  But the OpenSSH update
is just one updated package of several hundreds or thousands.  How
many users will not even get the information that their tcp_wrappers
installation doesn't work anymore?

tcp_wrappers might be an old concept, but simply pulling the plug and
removing the few lines required to support it seems a bit heavy-handed
considering what effect this may have.

Absolutely. While I agree with some of the impetus behind the abandonment of tcpwrappers, I do think it's time for FOSS projects to stop operating as if their projects comprise the Alpha and Omega of peoples' systems.

At the very least, a full cycle of announcing the retirement/obsoletion of the feature in question, followed by issuing a "heads up!" to all distros to warn them that potentially significant consequences will result from people upgrading past a certain version.

While systems that "fail badly", i.e., result in unreachable SSHDs are no doubt quickly noticed and redressed by sysadmins, of more worry are those that simply "work as before" but without the limitations defined at some point in the nebulous past by sysadmins before them.

I realise that these maintenance tasks are mostly unpaid and thankless, and such recommendations are no doubt unwelcome as addition burdens, but this *IS* ssh we're talking about.

I don't know about others in the Linux/BSD-server-sphere, but aside from only DNS, I cannot think of a single thing I expect to work "perfectly" let alone "securely", hundreds of times per day. To me, it's more important than httpd.

=M=
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev




[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux