2014-03-20 18:59 GMT+01:00 Paul Wouters <p...@nohats.ca>:
> On Thu, 20 Mar 2014, Lennart Poettering wrote:
>
> I wonder whether it wouldn't be time to say goodbye to tcpwrappers in
>> Fedora.
>>
>
> I'd be happy to see those go.
>
> Those who depend on it though, should see some "failed closed"
> behaviour, so their service does not suddenly become more exposed.
>
Wouldn't failing closed essentially involve keeping libwrap, keeping all
the callers, keeping the existing parser, only ignoring most of the rule
and treating any rule matching the daemon name as DENY? At that point we
might just as well keep the non-controversially-safe functionality like IP
checks working.
Mirek
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
