Am 24.03.2014 23:56, schrieb Stephen John Smoogen:
1) General insecurity is Lennart's opinion on parts of the code
which aren't used very much in the field. I will
say that if if libwrap2 was written it would remove a good portion of the code which
relies on the old auth daemon
no one uses these days. The code would basically boil everything down to the service:
ipaddress: allow/deny rule.
2) Lack of maintenance has been mostly that the code hasn't had a CVE in years and
has been audited multiple times
to make sure it doesn't. That said I am sure the parts that aren't exercised a
lot (looking up via DNS or authd)
could use an axe.
3) The modern alternative suggested is a removal of the code and just relying on the
firewall
which is *not* layered security
http://www.spinics.net/lists/fedora-devel/msg196606.html