heads up: tcpwrappers support going away

André Lucas andre at ae-35.com
Wed Apr 23 20:08:36 EST 2014


On 23 April 2014 10:21, Morham <opensshdev at r.paypc.com> wrote:
...

> I realise that these maintenance tasks are mostly unpaid and thankless,
> and such recommendations are no doubt unwelcome as addition burdens, but
> this *IS* ssh we're talking about.
>
> I don't know about others in the Linux/BSD-server-sphere, but aside from
> only DNS, I cannot think of a single thing I expect to work "perfectly"
>  let alone "securely", hundreds of times per day.  To me, it's more
> important than httpd.


[Re-replying to the list, finger trouble.]

Agreed; but to me that's why the developers' willingness to prune
potentially dangerous features, even when it's likely to cause controversy,
is so valuable. I wish it were more common.

For those that rely on llibwrap, or for distros who want to support it for
their users, the option exists to patch it back in. I doubt it would be at
all difficult to do. Hopefully, some will decide instead that the reasons
given above for not using libwrap are pretty convincing, and that maybe
they or their users will be better served by doing something else.
 -André


More information about the openssh-unix-dev mailing list