On 24 August 2017 at 10:33, Peter Robinson <pbrobin...@gmail.com> wrote:
> > On Tue, 2017-08-15 at 13:58 +0200, Jakub Jelen wrote:
> >> Hello Fedora devels and users,
> >>
> >> more than three years ago, the same topic started discussion if we
> >> want this package in Fedora or not and how [1]. The discussion
> >> resulted mostly in flames and in the removal of the dependency on
> >> tcp_wrappers from systemd. But it was quite agreed that it is
> >> considered as a security layer for some users, if they use it
> >> correctly, or something that is or should be replaced by firewalls.
> >>
> >> So can we discuss it now once more without the affiliation to
> >> systemd?
> >> The fact is that we still do not have any other replacement except
> >> firewalls. But do we need one?
> >>
> >> The complete removal of the package is probably not a wise step,
> >> even though we can not find tcp_wrappers in recent SuSE anymore [2].
> >> It is still available in Arch [3] without other tools depending on
> >> it. To be fair, Debian [4] is still building tools (for example
> >> openssh) with a build-time support for it.
> >>
> >> My primary concern is OpenSSH, which upstream dropped support for
> >> tcp_wrappers three years ago (late 2014) [5] and since then we are
> >> maintaining one more downstream patch. But this effort should be
> >> coordinated among other components to simplify the transition for
> >> users who insist on using it (using tcpd).
> >>
> >> Removing the dependency will also allow us to trim the default
> >> install for few more Kb.
> >>
> >> If there will be no significant drawbacks, I will progress with
> >> filing a system wide change for Fedora 28 and I will pull the
> >> maintainers of other tools using libwrap into the round and
> >> discussion.
> >
> > Hello,
> > In Fedora 26, there are over 50 packages using tcp_wrappers as a
> > build-time dependency:
> >
> >
> > Since I'm listed twice in there...
> >
> > With my packages and the situation with build time options I take the
> > position of enable as much as possible since our users don't get to
> > pick their compilation options.
> >
> > However tcp_wrappers is a legacy thing that no longer belongs in
> > today's world.
> >
> > I have no objection to a flag day in F28 development and dropping the
> > build option at some point, preferably before the thing that is no
> > longer an alpha ;) ... ie way before beta.
>
> With F-27 now branched off this can happen in F-28/rawhide now

Indeed ... it's a great time to do so ... but let's carry it out under the auspices of a System Wide Change for F28 :)