Package: tcp-wrappers Version: N/A Severity: normal Tags: patch Dear Debian maintainer,
On Saturday, March 31, 2007, I notified you of the beginning of a review process concerning debconf templates for tcp-wrappers. The debian-l10n-english contributors have now reviewed these templates, and the proposed changes are attached to this bug report. Please review the suggested changes are suggested, and if you have any objections, let me know in the next 3 days. Please try to avoid uploading tcp-wrappers with these changes right now. The second phase of this process will begin on Sunday, April 15, 2007, when I will coordinate updates to translations of debconf templates. The existing translators will be notified of the changes: they will receive an updated PO file for their language. Simultaneously, a general call for new translations will be sent to the debian-i18n mailing list. Both these calls for translations will request updates to be sent as individual bug reports. That will probably trigger a lot of bug reports against your package, but these should be easier to deal with. The call for translation updates and new translations will run until Friday, April 27, 2007. Please avoid uploading a package with fixed or changed debconf templates and/or translation updates in the meantime. Of course, other changes are safe. On Saturday, April 28, 2007, I will contact you again and will send a final patch summarizing all the updates (changes to debconf templates, updates to debconf translations and new debconf translations). Again, thanks for your attention and cooperation. -- System Information: Debian Release: lenny/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'stable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/dash Kernel: Linux 2.6.18-4-486 Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
--- /home/bubulle/travail/debian/rewrite/LCFC/tcp-wrappers/tcp-wrappers.old/debian/tcpd.templates 2007-03-29 06:12:08.859218328 +0200 +++ /home/bubulle/travail/debian/rewrite/LCFC/tcp-wrappers/tcp-wrappers/debian/tcpd.templates 2007-03-31 19:48:37.171236923 +0200 @@ -1,21 +1,17 @@ Template: tcpd/paranoid-mode Type: boolean Default: false -_description: Should tcpd setup paranoid hosts.allow and hosts.access? - /etc/hosts.allow and /etc/hosts.deny will be setup since you do not have - have any of these files yet. You can either have a generic and permissive - configuration which will allow any incoming connection or a paranoid - configuration which will not allow remote connections regardless of - where they originate from. +_description: Use paranoid settings in hosts.allow and hosts.access? + New /etc/hosts.allow and /etc/hosts.deny files for the TCP wrappers + daemon (tcpd) will be created as they do not exist yet. . - The second option, even if more secure, will block out all communication, - including, for example, remote administration. So if you need this - don't choose it. + You can choose between a generic and permissive configuration which + will allow any incoming connection or a paranoid configuration which + will not allow remote connections regardless of where they originate + from. The latter, even if more secure, will block out all + communication, including, for example, remote administration. . - Regardless of which option you select you can always manually edit both - files to suit your needs, for this, review the hosts_access(5) manpage. - This might include giving remote access of services to legitimate hosts. - . - Notice this only applies to internet services that use the libwrap library. - Remote connections will still be possible to services that do not use - this library, consider using firewall rules to block access to these. + Both files can be modified later to suit your needs as explained in + the hosts_access(5) manpage. These settings will only affect network + services that use the libwrap library. Restrictions for other + services should be established by using firewall rules. --- /home/bubulle/travail/debian/rewrite/LCFC/tcp-wrappers/tcp-wrappers.old/debian/control 2007-03-29 06:12:08.855218296 +0200 +++ /home/bubulle/travail/debian/rewrite/LCFC/tcp-wrappers/tcp-wrappers/debian/control 2007-04-04 06:13:11.495566841 +0200 @@ -15,10 +15,12 @@ Wietse Venema's network logger, also known as TCPD or LOG_TCP. . These programs log the client host name of incoming telnet, - ftp, rsh, rlogin, finger etc. requests. Security options are: - access control per host, domain and/or service; detection of - host name spoofing or host address spoofing; booby traps to - implement an early-warning system. + ftp, rsh, rlogin, finger etc. requests. + . + Security options are: + - access control per host, domain and/or service; + - detection of host name spoofing or host address spoofing; + - booby traps to implement an early-warning system. Package: libwrap0 Section: libs @@ -31,10 +33,12 @@ Wietse Venema's network logger, also known as TCPD or LOG_TCP. . These programs log the client host name of incoming telnet, - ftp, rsh, rlogin, finger etc. requests. Security options are: - access control per host, domain and/or service; detection of - host name spoofing or host address spoofing; booby traps to - implement an early-warning system. + ftp, rsh, rlogin, finger etc. requests. + . + Security options are: + - access control per host, domain and/or service; + - detection of host name spoofing or host address spoofing; + - booby traps to implement an early-warning system. Package: libwrap0-dev Section: libdevel @@ -47,7 +51,9 @@ Wietse Venema's network logger, also known as TCPD or LOG_TCP. . These programs log the client host name of incoming telnet, - ftp, rsh, rlogin, finger etc. requests. Security options are: - access control per host, domain and/or service; detection of - host name spoofing or host address spoofing; booby traps to - implement an early-warning system. + ftp, rsh, rlogin, finger etc. requests. + . + Security options are: + - access control per host, domain and/or service; + - detection of host name spoofing or host address spoofing; + - booby traps to implement an early-warning system.