Stephan von Krawczynski wrote: > it is pretty obvious I guess you're not only not subscribed to the development list, but you seem to also not have looked at the list archives. You can only seem like a troll if you act as if you know best but in fact you are wrong. It's up to you whether you want to risk that of course, but it's dangerous for your case. > libwrap removal was a pretty bad idea. There was discussion. I recommend that you look for it in the archives, so that you can join the discussion without repeating what has already been said. > _not_ replaceable by your match-statement. This rhetoric makes it sound like it is very important for you to distance yourself from the OpenSSH developers. That may not be such a great strategy when you want someone to do something for you. The rationale is that firewall rules can replace libwrap and that removing libwrap removes a significant attack surface exposed to the network. > make securtiy adjustments in _one_ file for nearly all services > whereas you propose to edit proprietary config files of all > services with proprietary config statements for each service. If you actually care about security then don't you need to hand-craft those config files regardless of libwrap? And 20 services on one system? That seems a high number to me. > If you deny libwrap That is already the case. > somebody will fork the project for sure. Go for it. I think uptake will be limited. I think your best bet will be for you to contribute modifications to your prefered distribution. > you made the wrong decision. Please cc me in case as I am not > reading the list. If you had been reading the list you would already have known everything I wrote in this email. //Peter _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev