On Tue, 2017-08-15 at 13:58 +0200, Jakub Jelen wrote:
> Hello Fedora devels and users,
>
> more than three years ago, the same topic started discussion if we
> want
> this package in Fedora or not and how [1]. The discussion resulted
> mostly in flames and in the removal of the dependency on tcp_wrappers
> from systemd. But it was quite agreed that it is considered as a
> security layer for some users, if they use it correctly, or something
> that is or should be replaced by firewalls.
>
> So can we discuss it now once more without the affiliation to
> systemd?
> The fact is that we still do not have any other replacement except
> firewalls. But do we need one?
>
> The complete removal of the package is probably not a wise step, even
> though we can not find tcp_wrappers in recent SuSE anymore [2]. It is
> still available in Arch [3] without other tools depending on it. To
> be
> fair, Debian [4] is still building tools (for example openssh) with a
> build-time support for it.
>
> My primary concern is OpenSSH, which upstream dropped support for
> tcp_wrappers three years ago (late 2014) [5] and since then we are
> maintaining one more downstream patch. But this effort should be
> coordinated among other components to simplify the transition for
> users
> who insist on using it (using tcpd).
>
> Removing the dependency will also allow us to trim the default
> install for few more Kb.
>
> If there will be no significant drawbacks, I will progress with
> filling
> a system wide change for Fedora 28 and I will pull the maintainers of
> other tolls using libwrap into the round and discussion.

Hello,
In Fedora 26, there is over 50 packages using tcp_wrappers as a build-
time dependency: