On Wednesday 20 May 2015 14:46:57 Peter Stuge wrote: > Stephan von Krawczynski wrote: > > it is pretty obvious > > I guess you're not only not subscribed to the development list, but > you seem to also not have looked at the list archives. > > You can only seem like a troll if you act as if you know best but > in fact you are wrong. It's up to you whether you want to risk that > of course, but it's dangerous for your case. > > > libwrap removal was a pretty bad idea. > > There was discussion. I recommend that you look for it in the > archives, so that you can join the discussion without repeating > what has already been said. > > > _not_ replaceable by your match-statement. > > This rhetoric makes it sound like it is very important for you to > distance yourself from the OpenSSH developers. That may not be such > a great strategy when you want someone to do something for you. > > The rationale is that firewall rules can replace libwrap and that > removing libwrap removes a significant attack surface exposed to the > network. > > > make securtiy adjustments in _one_ file for nearly all services > > whereas you propose to edit proprietary config files of all > > services with proprietary config statements for each service. > > If you actually care about security then don't you need to hand-craft > those config files regardless of libwrap? > > And 20 services on one system? That seems a high number to me. > > > If you deny libwrap > > That is already the case. > > > somebody will fork the project for sure. > > Go for it. I think uptake will be limited. I think your best bet will > be for you to contribute modifications to your prefered distribution. > > > you made the wrong decision. Please cc me in case as I am not > > reading the list. > > If you had been reading the list you would already have known > everything I wrote in this email. > Please ignore this troll! He already polluted the opensuse mailing list with his ignorant postings. Karsten. -- Sweet sixteen is beautiful Bess, And her voice is changing -- from "No" to "Yes". _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev