Re-install libwrap in OpenSSH

Damien Miller djm at mindrot.org
Thu May 21 08:51:59 AEST 2015


I saw the abusive email you sent to me the other day. It's basically
the perfect way to get developers to ignore you, which is exactly what
I'm going to do now.

On Wed, 20 May 2015, Stephan von Krawczynski wrote:

> Hello all,
> 
> after a useless discussion on the opensuse ML I had to find out that they
> buried the removal news of libwrap last year in some half-sentence. So this is
> unfortunately pretty late for the topic. Nevertheless it is pretty obvious
> that you did not get any feedback from people using ssh over decades in
> server-administration. Let me make a clear point: libwrap removal was a pretty
> bad idea. It is a well-used security feature that is _not_ replaceable by your
> match-statement. First, libwrap has features that match does not have.
> Second, libwrap is easy-to-use and offers a possibility to make security
> adjustments in _one_ file for nearly all services, whereas you propose to edit
> proprietary config files of all services with proprietary config statements
> for each service. If you have 20 of those you end up editing 20 config files
> in 20 different places in the fs with at least 20 different statements. This
> is _shit_. I am not against your match statement, leave it as is. But do not
> drop libwrap. If you deny libwrap somebody will fork the project for sure.
> libwrap has not changed for years because it simply works. And firewall rules
> are no replacement for it, because libwrap is not only an ip filter. It seems
> you did not know that when you made the wrong decision. Please cc me in case
> as I am not reading the list.
> 
> -- 
> Regards,
> Stephan
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
> 

