Re: Maybe it's time to get rid of tcpwrappers/tcpd?


 



On Thu, Mar 20, 2014 at 08:06:26PM +0100, Florian Weimer wrote:
> I believe DenyHosts is unmaintained as well:

fail2ban is maintained, does basically the same thing, can use iptables and
optionally firewalld, and can watch the systemd journal. Maybe that could go
in the release notes.

I think in general that part of the reason tcp_wrappers has rotted is that
interfaces to packet filtering tools have gotten better and easier over the
past two decades.

I'm basically in favor of this, with a big star put by Stephen Smoogen's
concern about enterprise defense-in-depth policies. But just so no one is
surprised if I say this later, unless there is overwhelming feedback that
it's time for it to go now, I think it's reasonable to declare it deprecated
for F21, with release notes, warnings in hosts.allow and hosts.deny, updates
in the documentation (which currently recommends using both in conjunction)
http://docs.fedoraproject.org/en-US/Fedora/19/html/Security_Guide/sect-Security_Guide-Server_Security.html#sect-Security_Guide-Server_Security-Securing_Services_With_TCP_Wrappers_and_xinetd
and so on. Then if that goes smoothly and gets positive (or, zero) user
feedback, we can remove it for F22.

-- 
Matthew Miller    --   Fedora Project    --    <mattdm@xxxxxxxxxxxxxxxxx>
-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct




