[arch-general] [arch-dev-public] dropping tcp_wrapper support

Loui Chang louipc.ist at gmail.com
Sat Jul 16 18:23:11 EDT 2011


On Sat 16 Jul 2011 15:47 -0500, Peggy Wilkins wrote:
> On Sat, Jul 16, 2011 at 3:23 PM, Ionut Biru <ibiru at archlinux.org> wrote:
> > On 07/16/2011 08:06 PM, Peggy Wilkins wrote:
> >>
> >> The announcement suggests that a major reason for dropping support is
> >> that it is "confusing" to end users.  An easy solution to that is to
> >> make a default hosts.allow file that says "ALL : ALL : ALLOW"  out of
> >> the box.  Then those of us wanting to simply restrict access (useful
> >> in many scenarios) can change that default as needed.
> >
> > I read the news entry a couple of times and I don't get how you
> > reach this conclusion. Really, this is not the reason and I found
> > your comment hilarious.
> 
> I was referring to this:
> 
> "Additionally, newer daemons and applications are inconsistent in
> their support for libwrap, leading to confusion as to whether an
> application supports the library."
> 
> This is true, it is confusing.  My response was to say, well, change
> the default config then, and that criticism won't carry the same
> impact.  (To be honest I have no idea what Arch's default config is
> for /etc/hosts.{allow|deny} because I edit it within minutes of a new
> install, but it seems that if it were default allow for ALL then it
> wouldn't cause as much trouble for people who wonder why sshd or
> whatever isn't working...)
> 
> > users who want this feature can as well recompile the desired services with
> > this support.
> 
> I will again say I chose Arch because I don't have to spend my time
> doing that (for a desktop OS); I very much appreciate the people who
> put the time into compiling things so I don't have to.  I spend a fair
> amount of time compiling software at work, and I don't want a larger
> list of things to recompile regularly.
> 
> I am not intending on continuing to bore everyone with my opinion here...
> 
> I still wish support would stay, but it's not my decision, I just
> wanted to speak up in case anyone but me cared (and apparently I
> really am the only one...).

I think it makes sense to have only one place to control traffic, makes
things a little simpler. tcp_wrappers is like a helper program for
beginner users to control traffic, but you can most likely find a
program that would help beginners to create iptables rules. I don't use
them so I can't advocate any particular program though.

Cheers.


