Most certainly YES!!! Next to iptables tcp_wrappers is a solid seconde line of defense. The argument that is is no longer developped is rubbish. The package does what is should do, functionality isexactly what it should be and it is bug free. Also it is flexible enough to do other tricks with it like spawning something depending on the ip address the incoming connection is coming from. It is a great product thanks to Wietse Venemaand others who integrated it to e.g. ssh. Dont drop it please!!!!!!!!!!!
Adrian
On Sun, 2014-03-23 at 19:28 +0100, adrian@pa0rda.nl wrote:
Most certainly YES!!! Next to iptables tcp_wrappers is a solid seconde line of defense. The argument that is is no longer developped is rubbish.
Geen onzin :-)
Who is developing the software's functionality ?
There is no current maintainer. Inevitably software may need alterations, even small alterations, but without a volunteer maintainer how can those alterations be done uniformly to all versions all over the world ?
No one has stated the software is bad. The comments have been its old and un-maintained. Old software does work well, so that is not an excuse to kill-it-off. But without a maintainer who can add new functions and repair any deficiencies (if they ever occur) what future has this software realistically got ?
If TCP Wrappers "disappears" into oblivion after Centos/RHEL 7 finishes, is that likely to create a problem ? Individuals can, I assume, still compile it and use it with Centos.
Mvg,
On Sun, Mar 23, 2014 at 5:21 PM, Always Learning centos@u62.u22.net wrote:
There is no current maintainer. Inevitably software may need alterations,
Inevitable - why? Bits don't just wear out. Don't break the interfaces it uses and software will just keep on working.
On Sun, Mar 23, 2014 at 5:21 PM, Always Learning centos@u62.u22.net wrote:
There is no current maintainer. Inevitably software may need alterations,
On Sun, 2014-03-23 at 17:43 -0500, Les Mikesell wrote:
Inevitable - why? Bits don't just wear out. Don't break the interfaces it uses and software will just keep on working.
In my first two computer jobs characters had 9 bits; now characters have just 8. Bits do go missing :-)
What is to stop a volunteer making a version for each Centos release ? and then putting it in a public repository ? The only difficulty I foresee is lack of modern (for RHEL/Centos 8) compilation libraries.
I do not influence Red Hat's decisions. Perhaps it would help if a volunteer maintainer emerged as the new TCP Wrappers champion ?
On 2014-03-23, Always Learning centos@u62.u22.net wrote:
I do not influence Red Hat's decisions. Perhaps it would help if a volunteer maintainer emerged as the new TCP Wrappers champion ?
It certainly would, and therein lies the problem: nobody has actually volunteered for this position. From the original question posed, it seems like they would be more inclined to keep it if there were a maintainer. Because ultimately that's really the issue: it's not "it doesn't work now" but "what happens if something breaks in the future?" And please don't say "what could break?" because that would almost certainly jinx us, and we'd find a zero-day exploit within hours. ;-)
I would like to observe that the original post did not state "we are removing tcp wrappers from RHEL". It said "we are discussing removing it from Fedora".
And finally, if it did come to pass that tcp wrappers were removed from RHEL, a SIG or other group could emerge which could maintain packages for tcp wrappers for CentOS. (Yes, admins can compile their own packages, but that'd be something not directly CentOS-related.)
--keith
-
adrian@pa0rda.nl -
Always Learning -
Keith Keller -
Les Mikesell