On Mon, Jul 16, 2012 at 04:57:48PM -0700, Ben Pfaff wrote: > On Fri, Jul 13, 2012 at 02:19:10PM +0900, Simon Horman wrote: > > On Thu, Jul 12, 2012 at 09:48:34PM -0700, Ben Pfaff wrote: > > > On Fri, Jul 13, 2012 at 01:46:39PM +0900, Simon Horman wrote: > > > > On Thu, Jul 12, 2012 at 09:17:11PM -0700, Ben Pfaff wrote: > > > > > Debian kernel maintainer Bastian Blank writes, at > > > > > http://bugs.debian.org/680537: > > > > > > > > > > The netfilter rules are a shared resource. There is no > > > > > synchronization, > > > > > so the admin have the last word. As kernel maintainer, I see it > > > > > similar > > > > > to a configuration file, so ยง10.7 policy applies. > > > > > > > > > > The purpose of openvswitch is to provide support for switching, > > > > > not to > > > > > setup filter rules. This means it violates the principle of least > > > > > surprise. > > > > > > > > > > I believe that the argument by analogy to configuration files is weak, > > > > > given that the Debian policy section in question is very specifically > > > > > about > > > > > files, not about general principles. On the other hand, Debian does > > > > > not > > > > > install any firewall by default, so the presence of a rule that > > > > > blocks GRE > > > > > traffic is a sign that the administrator has taken an explicit action > > > > > to > > > > > install a firewall that blocks GRE, and therefore it is rather rude to > > > > > override this. Therefore, this patch simply turns off this behavior > > > > > on > > > > > Debian, given that in ordinary Debian installations it will have no > > > > > adverse effect on Open vSwitch. > > > > > > > > FWIW, I am in complete agreement with Ben on this. > > > > > > Want to give me an Acked-by? > > > > Acked-by: Simon Horman <ho...@verge.net.au> > > I uploaded this to Debian as -4. It's already installed in the > archive, although the build failed on ia64 for strange reasons: > http://openvswitch.org/pipermail/dev/2012-July/019025.html > > Justin is going to branch for 1.8 today, then I'll push this to > master.
I finally pushed this to master. -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
