On Wed, Apr 03, 2024 at 04:38:19PM +0200, Marc Haber wrote: > On Wed, 03 Apr 2024 14:10:37 +0100, "Jonathan Dowland" > <j...@debian.org> wrote: > >For you and fellow greybeards, perhaps: I'd be surprised if many people > >younger than us have even heard of tcp wrappers. I don't think the > >muscle memory of a diminishing set of users is a strong argument, > >especially given it's a preference rather than a requirement, and > >alternatives do exist. > > It is possible to have that alternative not present without being > noticed (for example, a firewall build script failing, but sshd start > nof failing), whilea security measure built into the very daemon is > way harder to be accidentally disabled while keeping the daemon > running.
While I'm still not totally convinced, one possible alternative here is https://bugs.debian.org/1068311. That would still mean one more library than strictly needed (once the GSS-API stuff is split out), but at least it would be one small library rather than a big linkage chain over 30 times the size. I could probably justify keeping it in that case. -- Colin Watson (he/him) [cjwat...@debian.org]