jkurik wrote: > [...] > https://fedoraproject.org/wiki/Changes/Deprecate_TCP_wrappers > > TCP wrappers is a simple tool to block incoming connection on > application level. This was very useful 20 years ago, when there were > no firewalls in Linux. This is not the case for today and connection > filtering should be done in network level or completely in application > scope if it makes sense. [...]
Usefulness is in the eye of the beholder. It is certainly useful to some people today, as a defence-in-depth measure if nothing else. > Another factor which has driven the deprecation of this package is the > lack of any upstream community around it. A simple finished piece of software does not require an upstream community. > Although the threats on networking communications increase, the threat > coverage of this package has remained the same the last two decades, > suggesting that new threats are now being handled on different > components. [...] This does not mean that the threats handled adequately by tcp-wrappers are moot or irrelevant. If despite objections like this, y'all were to go ahead and ditch tcp-wrapper linked-in support, please at least request retention of capability to wrap the servers with tcpd (or equivalent) ourselves. - FChE _______________________________________________ devel mailing list -- [email protected] To unsubscribe send an email to [email protected]
