[arch-dev-public] dropping tcp_wrapper support
Dave Reisner
d at falconindy.com
Wed Jul 13 08:10:26 EDT 2011
On Wed, Jul 13, 2011 at 12:55:51PM +1000, Allan McRae wrote:
> On 13/07/11 12:27, Dave Reisner wrote:
> >I'd like to pick up something Dan proposed about a year ago, which is
> >dropping support for tcp_wrappers. Its last official upstream release
> >was 1997, and we currently add 10 patches to it from 3 different distros
> >in order to make it compile, fix bugs, and add features (ipv6). We also
> >add in an odd default of ALL: ALL in the config file, meaning that the
> >first thing most people do on a new arch system is add a line to
> >/etc/hosts.allow along the lines of 'sshd: ALL' (or just delete the
> >blanket deny. To my knowledge, there isn't anything tcp_wrappers does
> >that iptables can't do more eloquently, and without the need to be
> >linked against an external library.
> >
> >Therefore, I'd like to propose that we just dump this. The rebuild list
> >would be small, at 20 packages:
> >
> >archboot
> >dante
> >esound
> >exim
> >gdm
> >inetutils
> >libmysqlclient
> >mailutils
> >net-snmp
> >nfs-utils
> >openldap
> >openssh
> >quota-tools
> >rrdtool
> >socat
> >stunnel
> >syslog-ng
> >tftp-hpa
> >vsftpd
> >xinetd
> >
> >Is there any pressing reason to hang onto this aging library?
> >
>
> For reference:
>
> Dan's original email about this:
> http://mailman.archlinux.org/pipermail/arch-dev-public/2010-September/017872.html
>
> and the follow-up a few months later:
> http://mailman.archlinux.org/pipermail/arch-dev-public/2010-December/018754.html
>
> Given the lack of strong opinion either way last time, I'd lean on
> dropping the package just because it seems to have no upstream
> development and all the patching that is required. So just create a
> rebuild list and get as many of those packages rebuilt without
> tcp_wrappers and go from there.
>
> Allan
and just to follow up, the todo list for this is:
http://www.archlinux.org/todo/86/
dave
More information about the arch-dev-public
mailing list