On Wed, Jul 13, 2011 at 10:59 AM, Dan McGee <dpmc...@gmail.com> wrote:
> On Wednesday, July 13, 2011, Stéphane Gaudreault <steph...@archlinux.org> wrote:
>> On 13 July 2011 08:10:26, Dave Reisner wrote:
>>> On Wed, Jul 13, 2011 at 12:55:51PM +1000, Allan McRae wrote:
>>> > On 13/07/11 12:27, Dave Reisner wrote:
>>> > >I'd like to pick up something Dan proposed about a year ago, which is
>>> > >dropping support for tcp_wrappers. Its last official upstream release
>>> > >was 1997, and we currently add 10 patches to it from 3 different distros
>>> > >in order to make it compile, fix bugs, and add features (ipv6). We also
>>> > >add in an odd default of ALL: ALL in the config file, meaning that the
>>> > >first thing most people do on a new arch system is add a line to
>>> > >/etc/hosts.allow along the lines of 'sshd: ALL' (or just delete the
>>> > >blanket deny). To my knowledge, there isn't anything tcp_wrappers does
>>> > >that iptables can't do more eloquently, and without the need to be
>>> > >linked against an external library.
>>> > >
>>> > >Therefore, I'd like to propose that we just dump this. The rebuild list
>>> > >would be small, at 20 packages:
>>> > >
>>> > >archboot
>>> > >dante
>>> > >esound
>>> > >exim
>>> > >gdm
>>> > >inetutils
>>> > >libmysqlclient
>>> > >mailutils
>>> > >net-snmp
>>> > >nfs-utils
>>> > >openldap
>>> > >openssh
>>> > >quota-tools
>>> > >rrdtool
>>> > >socat
>>> > >stunnel
>>> > >syslog-ng
>>> > >tftp-hpa
>>> > >vsftpd
>>> > >xinetd
>>> > >
>>> > >Is there any pressing reason to hang onto this aging library?
>>> >
>>> > For reference:
>>> >
>>> > Dan's original email about this:
>>> > http://mailman.archlinux.org/pipermail/arch-dev-public/2010-September/017872.html
>>> >
>>> > and the follow-up a few months later:
>>> > http://mailman.archlinux.org/pipermail/arch-dev-public/2010-December/018754.html
>>> >
>>> > Given the lack of strong opinion either way last time, I'd lean on
>>> > dropping the package just because it seems to have no upstream
>>> > development and all the patching that is required. So just create a
>>> > rebuild list and get as many of those packages rebuilt without
>>> > tcp_wrappers and go from there.
>>> >
>>> > Allan
>>>
>>> and just to follow up, the todo list for this is:
>>>
>>> http://www.archlinux.org/todo/86/
>>>
>>> dave
>>
>> No objection, but a comment.
>>
>> You started that discussion and created the todo list after only 10 hours. As
>> we are not all in the same timezone, it is likely that some people could not
>> express their opinion within such a short period. I would suggest to wait at
>> least 24 hours before taking action.
>>
>> Stéphane
>
> I would say the same, but a todo list isn't a to-done list, so keep
> that in mind. He also pointed out that I got little to no feedback
> when I asked about this both a year and six months ago, so
> expectations are pretty low this time around. I'm sure if there were
> serious objections people would raise them and we could address them.
>
> This is worthy of a news article once we move packages to core only
> because it could expose some services people didn't previously expect
> to need to protect.
>
> -Dan
>

What about packages from extra/community? Do we put the tcp_wrappers-less packages in testing so that we move everything to the main repos at the same time, with a front-page news item? Or is the front-page news item only intended for the core packages?
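
Added example, not part of the thread or of any Arch tooling: a pre-upgrade check for the exposure Dan mentions, listing the daemons that tcp_wrappers was restricting so each can get an equivalent firewall rule before the rebuilt packages land. The file contents, the daemon names other than `sshd`, and the function names are constructed, and only a simplified subset of the hosts_access(5) syntax is handled.

```python
# Added example. Simplified hosts_access(5) reading: no EXCEPT, no options,
# no bracketed IPv6 addresses. All file contents and names are constructed.
HOSTS_DENY = """\
# /etc/hosts.deny
ALL: ALL
"""
HOSTS_ALLOW = """\
# /etc/hosts.allow
sshd: ALL
vsftpd: 192.168.1. , 10.0.0.5
"""
# Assumed daemon names of libwrap-linked services listening on this host.
LISTENING = ["sshd", "vsftpd", "snmpd"]


def tokens(field):
    """Split a daemon or client list on commas and whitespace."""
    return field.replace(",", " ").split()


def parse_rules(text):
    """Return [(daemons, clients)] from 'daemon_list : client_list' lines."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" in line:
            daemons, clients = line.split(":")[:2]
            rules.append((tokens(daemons), tokens(clients)))
    return rules


def clients_for(rules, daemon):
    """Collect client patterns from rules naming this daemon or ALL."""
    return [c for daemons, clients in rules
            if daemon in daemons or "ALL" in daemons for c in clients]


def lost_protection(allow_text, deny_text, daemons):
    """Map each daemon that libwrap restricted to its old allow/deny lists."""
    allow, deny = parse_rules(allow_text), parse_rules(deny_text)
    report = {}
    for name in daemons:
        allowed, denied = clients_for(allow, name), clients_for(deny, name)
        # hosts.allow is consulted first, so "ALL" there means nothing changes;
        # with no matching deny rule the daemon was never restricted either.
        if "ALL" not in allowed and denied:
            report[name] = {"allowed": allowed, "denied": denied}
    return report


if __name__ == "__main__":
    for name, rule in lost_protection(HOSTS_ALLOW, HOSTS_DENY, LISTENING).items():
        print(f"{name}: needs a firewall rule; was allowed={rule['allowed']}")
```

Daemons that do not appear in the report were already open to every client, so removing libwrap changes nothing for them.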