heads up: tcpwrappers support going away
Corinna Vinschen
vinschen at redhat.com
Wed Apr 23 18:54:26 EST 2014
On Apr 23 08:34, Alex Bligh wrote:
>
> On 22 Apr 2014, at 23:31, James Cloos wrote:
>
> >>>>>> "DM" == Damien Miller <djm at mindrot.org> writes:
> >
> > DM> This is an early warning: OpenSSH will drop tcpwrappers in the next
> > DM> release.
> >
> > This will need a wider announcement. Most auto-block solutions I've
> > looked at add entries to hosts.allow.
>
> +1. Denyhosts suddenly stopping working is not a great plan.
Indeed. The problem here is not that no replacement methods exist
(though I'm not so sure how to do that on Windows, I admit), the problem
is that you're leaving users hanging in the rain.
Assuming you're updating your Linux distro. You're using tcp_wrappers
in conjunction with OpenSSH for years. The distro update comes with
OpenSSH 6.7, now without tcp_wrappers support. But the OpenSSH update
is just one updated package of several hundreds or thousands. How
many users will not even get the information that their tcp_wrappers
installation doesn't work anymore?
tcp_wrappers might be an old concept, but simply pulling the plug and
removing the few lines required to support it seems a bit heavy-handed
considering what effect this may have.
Corinna
--
Corinna Vinschen
Cygwin Maintainer
Red Hat
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20140423/f288c173/attachment.bin>
More information about the openssh-unix-dev
mailing list