7:59 p.m.
Hello all,
I bring this to the list being that the issue isn't necessarily a bug,
rather a concern about implementation. Per the documentation
[http://www.fail2ban.org/wiki/index.php/MANUAL_0_8
] fail2ban is _capable_ of supporting shorewall (among other things)
and even states that "the following software is optional but
recommended" with reference to shorewall. However, fail2ban does not
_require_ shorewall to function.
That said, having a 'Requires: shorewall' in the fail2ban spec seems
unnecessary and in my opinion improper. Breaking the package out into
a sub package doesn't seem necessary either... being that the only
file(s) I see that could be split off would be:
]# rpm -ql fail2ban | grep shorewall
/etc/fail2ban/action.d/shorewall.conf
Regardless, for the sake of those that have no interest in shorewall
(and in particular those that want to avoid having to support
shorewall) I'd like to suggest that fail2ban-shorewall be broken off
in a sub-package so that the dependency of shorewall is only enacted
when desired.
Thoughts?
Thank you for your time.
---
derks
5:13 a.m.
Hello all,
I bring this to the list being that the issue isn't necessarily a bug,
rather a concern about implementation. Per the documentation
[http://www.fail2ban.org/wiki/index.php/MANUAL_0_8
] fail2ban is _capable_ of supporting shorewall (among other things)
and even states that "the following software is optional but
recommended" with reference to shorewall. However, fail2ban does not
_require_ shorewall to function.
That said, having a 'Requires: shorewall' in the fail2ban spec seems
unnecessary and in my opinion improper. Breaking the package out into
a sub package doesn't seem necessary either... being that the only
file(s) I see that could be split off would be:
]# rpm -ql fail2ban | grep shorewall
/etc/fail2ban/action.d/shorewall.conf
Regardless, for the sake of those that have no interest in shorewall
(and in particular those that want to avoid having to support
shorewall) I'd like to suggest that fail2ban-shorewall be broken off
in a sub-package so that the dependency of shorewall is only enacted
when desired.
Or maybe drop the require on shorewall completely. People willing to
enable the shorewall functionality can install it manually. fail2ban needs
to be configured to do anything useful after installation, installing
shorewall might just be an additional step.
Btw, the Fedora package suffer from the same limitation, whatever is done
should be on all branches.
Regards,
Xavier
8:27 a.m.
I'm the EPEL maintainer for fail2ban and I'm actually all for the
change, but I don't have plans to deviate from the Fedora package
outside of backport patches that might pop up as needed and I'm not
the Fedora packager (the Fedora maintainer said he had no interest in
packaging fail2ban for EPEL).
If you could (or I can, either way) basically just copy and paste your
original email to the fedora-devel-list and we can get into
conversations about how people would like to see it handled "upstream"
then we can get that change reflected here in EPEL.
-Adam
--
http://maxamillion.googlepages.com
---------------------------------------------------------
() ascii ribbon campaign - against html e-mail
/\ www.asciiribbon.org - against proprietary attachments
5401
days inactive
5401
days old
epel-devel@lists.fedoraproject.org
2 comments
3 participants
participants (3)
-
Adam Miller -
BJ Dierkes -
Xavier Bachelot