Re-install libwrap in OpenSSH

Karsten Künne kuenne at rentec.com
Thu May 21 00:53:47 AEST 2015


On Wednesday 20 May 2015 14:46:57 Peter Stuge wrote:
> Stephan von Krawczynski wrote:
> > it is pretty obvious
> 
> I guess you're not only not subscribed to the development list, but
> you seem to also not have looked at the list archives.
> 
> You can only seem like a troll if you act as if you know best but
> in fact you are wrong. It's up to you whether you want to risk that
> of course, but it's dangerous for your case.
> 
> > libwrap removal was a pretty bad idea.
> 
> There was discussion. I recommend that you look for it in the
> archives, so that you can join the discussion without repeating
> what has already been said.
> 
> > _not_ replaceable by your match-statement.
> 
> This rhetoric makes it sound like it is very important for you to
> distance yourself from the OpenSSH developers. That may not be such
> a great strategy when you want someone to do something for you.
> 
> The rationale is that firewall rules can replace libwrap and that
> removing libwrap removes a significant attack surface exposed to the
> network.
> 
> > make securtiy adjustments in _one_ file for nearly all services
> > whereas you propose to edit proprietary config files of all
> > services with proprietary config statements for each service.
> 
> If you actually care about security then don't you need to hand-craft
> those config files regardless of libwrap?
> 
> And 20 services on one system? That seems a high number to me.
> 
> > If you deny libwrap
> 
> That is already the case.
> 
> > somebody will fork the project for sure.
> 
> Go for it. I think uptake will be limited. I think your best bet will
> be for you to contribute modifications to your prefered distribution.
> 
> > you made the wrong decision. Please cc me in case as I am not
> > reading the list.
> 
> If you had been reading the list you would already have known
> everything I wrote in this email.
> 

Please ignore this troll! He already polluted the opensuse mailing list with 
his ignorant postings.


Karsten.
-- 
Sweet sixteen is beautiful Bess,
And her voice is changing -- from "No" to "Yes".



More information about the openssh-unix-dev mailing list