heads up: tcpwrappers support going away

Corinna Vinschen vinschen at redhat.com
Wed Apr 23 18:54:26 EST 2014

On Apr 23 08:34, Alex Bligh wrote:
> On 22 Apr 2014, at 23:31, James Cloos wrote:
> >>>>>> "DM" == Damien Miller <djm at mindrot.org> writes:
> > 
> > DM> This is an early warning: OpenSSH will drop tcpwrappers in the next
> > DM> release.
> > 
> > This will need a wider announcement.  Most auto-block solutions I've
> > looked at add entries to hosts.allow.
> +1. Denyhosts suddenly stopping working is not a great plan.

Indeed.  The problem here is not that no replacement methods exist
(though I'm not so sure how to do that on Windows, I admit), the problem
is that you're leaving users hanging in the rain.

Assuming you're updating your Linux distro.  You're using tcp_wrappers
in conjunction with OpenSSH for years.  The distro update comes with
OpenSSH 6.7, now without tcp_wrappers support.  But the OpenSSH update
is just one updated package of several hundreds or thousands.  How
many users will not even get the information that their tcp_wrappers
installation doesn't work anymore?

tcp_wrappers might be an old concept, but simply pulling the plug and
removing the few lines required to support it seems a bit heavy-handed
considering what effect this may have.


Corinna Vinschen
Cygwin Maintainer
Red Hat
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20140423/f288c173/attachment.bin>

More information about the openssh-unix-dev mailing list