> The current documentation has worked well enough for the past 15-20
> years or so, but if you really believe that younger sysadmins ...
Hmm ... I think you're assuming that only sysadmins ever need to know
how to secure a computer. I think that every user of Linux is their own
acting sysadmin and, like myself, has no training in sysadmining. If
Linux is to actually be usable by the masses, we need to make it
practical for ordinary users to ensure their machines are suitably
secure. Being able to configure /etc/hosts.{allow,deny} is a proper
part of that. If explained properly, it's simple enough that users have
a fair chance at that; but the present man pages serve a new-comer
poorly.
> please send me a patch for hosts_access(5) which removes references to
> the old syntax.
I may give that a go - but, to do so, I'll need answers to:
* What are the man pages for libwrap's APIs ? The man pages for
hosts.{allow,deny} should reference these.
* Is it known that nothing still supports the old syntax ? I certainly
don't know. What was the actual history, and is it actually correct
to leave no mention of it ? When was it supported, on what systems,
and what incompatibilities may one encounter by failing to consider
the old syntax ?
The former should be referenced from the hosts_access(5) page; the
latter are matters that should be taken into account when deciding
whether to drop all mention of the old syntax or to include advice on
how to upgrade from it.
> You are seriously misunderstanding how libwrap works: it is a library,
> and it parses the hosts files by itself.
With due respect, I believe you are seriously misunderstanding my bug
report, a major part of which is that "man hosts.{allow,deny}" doesn't
give any clue that there's a library to parse these files. You don't
even seem to have noticed that I worked this out (albeit by guesswork
based on the package name, subsequently confirmed by looking at the
package's contents) !
Someone previously ignorant of how hosts.{allow,deny} work shall
naturally type man hosts.allow or man hosts.deny; and the information
they'll get is, frankly, misleading and incomplete. It describes an
out-of-date format for the files and fails to give any clue to the
existence of a library that implements proper support.
I am compelled to wonder how many applications that should be using this
library don't and, in practice, ignore anything but the first two fields
of hosts.{allow,deny} lines, since their authors got confused guidance,
on how to parse anything after that, from the documentation they
properly consulted to find out what to support.
Eddy.
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
