On Wednesday, July 13, 2011, Stéphane Gaudreault <stephane@archlinux.org> wrote:
Le 13 juillet 2011 08:10:26 Dave Reisner a écrit :
On Wed, Jul 13, 2011 at 12:55:51PM +1000, Allan McRae wrote:
On 13/07/11 12:27, Dave Reisner wrote:
I'd like to pick up something Dan proposed about a year ago, which is dropping support for tcp_wrappers. Its last official upstream release was 1997, and we currently add 10 patches to it from 3 different distros in order to make it compile, fix bugs, and add features (ipv6). We also add in an odd default of ALL: ALL in the config file, meaning that the first thing most people do on a new arch system is add a line to /etc/hosts.allow along the lines of 'sshd: ALL' (or just delete the blanket deny. To my knowledge, there isn't anything tcp_wrappers does that iptables can't do more eloquently, and without the need to be linked against an external library.
Therefore, I'd like to propose that we just dump this. The rebuild list would be small, at 20 packages:
archboot dante esound exim gdm inetutils libmysqlclient mailutils net-snmp nfs-utils openldap openssh quota-tools rrdtool socat stunnel syslog-ng tftp-hpa vsftpd xinetd
Is there any pressing reason to hang onto this aging library?
For reference:
Dan's original email about this: http://mailman.archlinux.org/pipermail/arch-dev-public/2010-September/01 7872.html
and the follow-up a few months later: http://mailman.archlinux.org/pipermail/arch-dev-public/2010-December/018 754.html
Given the lack of strong opinion either way last time, I'd lean on dropping the package just because it seems to have no upstream development and all the patching that is required. So just create a rebuild list and get as many of those packages rebuilt without tcp_wrappers and go from there.
Allan
and just to follow up, the todo list for this is:
http://www.archlinux.org/todo/86/
dave
No objection, but a comment.
You started that discussion and created the todo list after only 10 hours. As we are not all in the same timezone, it is likely that some people could not express their opinion within such a short period. I would suggest to wait at least 24 hours before taking action.
Stéphane
I would say the same, but a todo list isn't a to-done list, so keep that in mind. He also pointed out that I got little to no feedback when I asked about this both a year and six months ago, so expectations are pretty low this time around. I'm sure if there were serious objections people would raise them and we could address them. This is worthy of a news article once we move packages to core only because it could expose some services people didn't previously expect to need to protect. -Dan