Re: hackers celebrate this day: openssh drops security! was: Re: heads up: tcpwrappers support going away

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On 04/23/2014 02:55:14 PM, Cedric Blancher wrote:

> Seriously - the discussion is stupid: If tcpwrappers support gets
> removed than a replacement is required which is executed at the same
> location and not much later in the code.

Well, no.  If you want system-wide packet filtering, which is what
tcpwrapper provides, putting that into the application layer is
what is stupid.  Use, instead, a real system wide packet filter --
whatever the system firewall is.

What I find interesting is that the ssh maintainers
seem to have declared, purposefully or not,
that they are serving the distros not the end
user.  They are leaving it to the distros to
provide a smooth upgrade path to the end-user.

Nothing really wrong with that.  The alternative,
depreciation with warnings in the logs or whatever
for a lengthy transition period, being work that
might be better spent on maintaining security.

I do find that abrupt dropping of a feature is
a little jarring.  But on the other hand who hasn't
known forever that tcpwrappers is a lame solution?
(Most everybody?!)  The writing has been on the
wall for a long time.

Regards,

Karl <kop@xxxxxxxx>
Free Software:  "You don't pay back, you pay forward."
                 -- Robert A. Heinlein
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev




[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux