Agenda for Fedora Server WG Meeting (2014-03-25)

Stephen John Smoogen smooge at gmail.com
Mon Mar 24 22:56:22 UTC 2014


On 24 March 2014 16:17, Stephen Gallagher <sgallagh at redhat.com> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 03/24/2014 04:48 PM, R P Herrold wrote:
> > On Mon, 24 Mar 2014, Stephen Gallagher wrote:
> >
> >> Agenda Topics: * tcpwrappers (Does Fedora Server want to support
> >> them?)
> >>
> >> I was hoping we could also hear from QA and rel-eng tomorrow, but
> >> I haven't heard confirmation one way or another whether they will
> >> have anything to say.
> >
> > I see Matt's post earlier today checking the pipermail archive.
> > For some reason it appears in broken threading there, and I do not
> > recall seeing the earlier piece pass through my eyes ;) [1]
> >
> > Goodness ... how does one do layered defense in depth by REMOVING
> > existing function?   I must have missed this part of an earlier
> > thread
> >
>
> This is a follow-on to a lengthy discussion occurring on the
> fedora-devel mailing list. It has been suggested that, due to its age,
> lack of maintenance and general insecurity that perhaps Fedora should
> take a stance and remove it from the distribution, instead
> recommending more modern alternatives.
>
>
1) General insecurity is Lennart's opinion on parts of the code which
aren't used very much in the field. I will say that if libwrap2 was
written it would remove a good portion of the code which relies on the old
auth daemon no one uses these days. The code would basically boil
everything down to the service: ipaddress: allow/deny rule.

2) Lack of maintenance has been mostly that the code hasn't had a CVE in
years and has been audited multiple times to make sure it doesn't. That
said I am sure the parts that aren't exercised a lot (looking up via DNS or
authd) could use an axe.

3) The modern alternative suggested is a removal of the code and just
relying on the firewall.


> Do not construe this statement as either support for or opposition to
> this suggestion.
>
>
> > 'want' ???
> >
> > Anything purporting to be able to perform in server space does not
> > have a choice but to support wrappers
> >
>
> Not necessarily true. One of Fedora's stated purposes is to be
> "First". While most people construe this to mean "has the latest
> version of all packages", this can also mean that Fedora should lead
> the charge in migrating away from old technology if it deems that it
> is holding back innovation.
>

Well in this case, it would not be first as Arch has done this for several
years and I am guessing SuSE is looking to do so itself. I would go more
with the Freedom to change things :). [I would avoid Friends and Features
:)]

-- 
Stephen J Smoogen.
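
The reduced rule form described in point 1, `service: ipaddress: allow/deny`, sketched as an added example that is not part of the original message and is not libwrap code: a Python evaluator that accepts only literal addresses or CIDR ranges, so no DNS or authd lookup is involved. First-match-wins ordering, the `ALL` wildcard and default-allow when nothing matches are assumptions modelled on hosts.allow behaviour; the function names and sample rules are constructed.

```python
import ipaddress

# Constructed sample rules (documentation address ranges), one per line.
SAMPLE_RULES = """
sshd: 192.0.2.0/24: allow
sshd: 2001:db8::/32: allow
sshd: ALL: deny
ALL: 198.51.100.7: deny
"""

def parse_rules(text):
    """Parse 'service: ipaddress: allow|deny' lines into (service, network, allow)."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            service, rest = line.split(":", 1)
            # rsplit keeps the colons of an IPv6 address inside the client field
            client, action = rest.rsplit(":", 1)
        except ValueError:
            raise ValueError(f"line {lineno}: expected 'service: ipaddress: allow|deny'")
        service, client, action = service.strip(), client.strip(), action.strip().lower()
        if not service or action not in ("allow", "deny"):
            raise ValueError(f"line {lineno}: bad service or action")
        # Only ALL, a literal address or a CIDR range is accepted; a hostname
        # raises ValueError here, so evaluation never needs a DNS lookup.
        network = None if client == "ALL" else ipaddress.ip_network(client, strict=False)
        rules.append((service, network, action == "allow"))
    return rules

def is_allowed(rules, service, peer, default=True):
    """Return the verdict of the first matching rule (assumed first-match-wins)."""
    ip = ipaddress.ip_address(peer)
    for rule_service, network, allow in rules:
        if rule_service not in ("ALL", service):
            continue
        if network is None or (ip.version == network.version and ip in network):
            return allow
    return default  # assumption: no matching rule means access is granted

if __name__ == "__main__":
    rules = parse_rules(SAMPLE_RULES)
    for svc, peer in [("sshd", "192.0.2.10"), ("sshd", "203.0.113.5"), ("vsftpd", "198.51.100.7")]:
        print(svc, peer, "allow" if is_allowed(rules, svc, peer) else "deny")
```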