On Fri, Jul 13, 2012 at 01:46:39PM +0900, Simon Horman wrote:
> On Thu, Jul 12, 2012 at 09:17:11PM -0700, Ben Pfaff wrote:
> > Debian kernel maintainer Bastian Blank writes, at
> > http://bugs.debian.org/680537:
> > 
> >    The netfilter rules are a shared resource. There is no synchronization,
> >    so the admin has the last word. As kernel maintainer, I see it similar
> >    to a configuration file, so §10.7 policy applies.
> > 
> >    The purpose of openvswitch is to provide support for switching, not to
> >    set up filter rules. This means it violates the principle of least
> >    surprise.
> > 
> > I believe that the argument by analogy to configuration files is weak,
> > given that the Debian policy section in question is very specifically about
> > files, not about general principles.  On the other hand, Debian does not
> > install any firewall by default, so the presence of a rule that blocks GRE
> > traffic is a sign that the administrator has taken an explicit action to
> > install a firewall that blocks GRE, and therefore it is rather rude to
> > override this.  Therefore, this patch simply turns off this behavior on
> > Debian, given that in ordinary Debian installations it will have no
> > adverse effect on Open vSwitch.
> 
> FWIW, I am in complete agreement with Ben on this.

Want to give me an Acked-by?
