Gentoo Archives: gentoo-dev

From: Alexey Sokolov <alexey+gentoo@××××××××.org>
To: gentoo-dev@l.g.o
Subject: Re: [gentoo-dev] [PATCH v2] 2021-08-01-tcpd-disabled: Remove USE=tcpd from make.defaults
Date: Thu, 29 Jul 2021 21:22:03
Message-Id: db7e5abd-4898-d62f-c701-3874d5ef2798@asokolov.org
In Reply to: [gentoo-dev] [PATCH v2] 2021-08-01-tcpd-disabled: Remove USE=tcpd from make.defaults by David Seifert
1 29.07.2021 21:40, David Seifert writes:
2 > Signed-off-by: David Seifert <soap@g.o>
3 > ---
4 > .../2021-08-01-tcpd-disabled.en.txt | 68 +++++++++++++++++++
5 > 1 file changed, 68 insertions(+)
6 > create mode 100644 2021-08-01-tcpd-disabled/2021-08-01-tcpd-disabled.en.txt
7 >
8 > diff --git a/2021-08-01-tcpd-disabled/2021-08-01-tcpd-disabled.en.txt b/2021-08-01-tcpd-disabled/2021-08-01-tcpd-disabled.en.txt
9 > new file mode 100644
10 > index 0000000..977be80
11 > --- /dev/null
12 > +++ b/2021-08-01-tcpd-disabled/2021-08-01-tcpd-disabled.en.txt
13 > @@ -0,0 +1,68 @@
14 > +Title: USE=tcpd no longer globally enabled
15 > +Author: David Seifert <soap@g.o>
16 > +Posted: 2021-08-01
17 > +Revision: 1
18 > +News-Item-Format: 2.0
19 > +Display-If-Profile: default/linux/*
20 > +Display-If-Installed: net-analyzer/argus-clients[tcpd]
21 > +Display-If-Installed: net-ftp/proftpd[tcpd]
22 > +Display-If-Installed: app-admin/conserver[tcpd]
23 > +Display-If-Installed: app-admin/prelude-manager[tcpd]
24 > +Display-If-Installed: app-admin/qpage[tcpd]
25 > +Display-If-Installed: app-admin/syslog-ng[tcpd]
26 > +Display-If-Installed: app-backup/bacula[tcpd]
27 > +Display-If-Installed: app-backup/bareos[tcpd]
28 > +Display-If-Installed: app-misc/mosquitto[tcpd]
29 > +Display-If-Installed: dev-libs/yaz[tcpd]
30 > +Display-If-Installed: gnome-base/gdm[tcpd]
31 > +Display-If-Installed: mail-mta/exim[tcpd]
32 > +Display-If-Installed: mail-mta/sendmail[tcpd]
33 > +Display-If-Installed: media-sound/pulseaudio[tcpd]
34 > +Display-If-Installed: net-analyzer/argus[tcpd]
35 > +Display-If-Installed: net-analyzer/net-snmp[tcpd]
36 > +Display-If-Installed: net-analyzer/nrpe[tcpd]
37 > +Display-If-Installed: net-analyzer/nsca[tcpd]
38 > +Display-If-Installed: net-analyzer/rrdtool[tcpd]
39 > +Display-If-Installed: net-fs/netatalk[tcpd]
40 > +Display-If-Installed: net-fs/nfs-utils[tcpd]
41 > +Display-If-Installed: net-ftp/atftp[tcpd]
42 > +Display-If-Installed: net-ftp/tftp-hpa[tcpd]
43 > +Display-If-Installed: net-ftp/vsftpd[tcpd]
44 > +Display-If-Installed: net-irc/ngircd[tcpd]
45 > +Display-If-Installed: net-mail/cyrus-imapd[tcpd]
46 > +Display-If-Installed: net-mail/dovecot[tcpd]
47 > +Display-If-Installed: net-mail/mailutils[tcpd]
48 > +Display-If-Installed: net-mail/tpop3d[tcpd]
49 > +Display-If-Installed: net-misc/apt-cacher-ng[tcpd]
50 > +Display-If-Installed: net-misc/ser2net[tcpd]
51 > +Display-If-Installed: net-misc/socat[tcpd]
52 > +Display-If-Installed: net-misc/sslh[tcpd]
53 > +Display-If-Installed: net-misc/stunnel[tcpd]
54 > +Display-If-Installed: net-misc/usbip[tcpd]
55 > +Display-If-Installed: net-nds/openldap[tcpd]
56 > +Display-If-Installed: net-nds/rpcbind[tcpd]
57 > +Display-If-Installed: net-nds/tac_plus[tcpd]
58 > +Display-If-Installed: net-proxy/dante[tcpd]
59 > +Display-If-Installed: net-vpn/ocserv[tcpd]
60 > +Display-If-Installed: net-vpn/pptpd[tcpd]
61 > +Display-If-Installed: sci-libs/dcmtk[tcpd]
62 > +Display-If-Installed: sys-apps/linux-misc-apps[tcpd]
63 > +Display-If-Installed: sys-apps/xinetd[tcpd]
64 > +Display-If-Installed: sys-fs/quota[tcpd]
65 > +Display-If-Installed: sys-power/nut[tcpd]
66 > +
67 > +On 2021-11-01, we will remove USE="tcpd" from the globally default
68 > +enabled USE flags (bug #805077). USE="tcpd" usually enables
69
70 Please make the bug a full bug URL; such a short form can be very
71 surprising for someone not familiar with Gentoo development.
72
73 > +sys-apps/tcp-wrappers for an ad hoc firewall based on /etc/hosts.allow
74 > +and /etc/hosts.deny.
75 > +
76 > +The Base System project has come to the conclusion that 24 years after
77 > +the last upstream release, tcp-wrappers is not suitable for a default
78 > +configuration in 2021 anymore. Other distributions have completely
79 > +removed support at this point. We strongly recommend you switch to more
80 > +modern packet filters, such as BPF, nftables, or iptables. If you rely
81 > +on tcp-wrappers, you can re-enable the flag, see
82 > +
83 > + https://wiki.gentoo.org/wiki//etc/portage/package.use
84 > +
85 > +for package-specific ways to re-enable tcp-wrappers.
86 >
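Review bot: The closing paragraphs of the news item never state what happens on a system that depends on these rules today. Once USE="tcpd" leaves the defaults and the listed packages are rebuilt without it, they stop consulting /etc/hosts.allow and /etc/hosts.deny, so a service restricted only through those files accepts connections it used to refuse unless another filter covers it. Suggest saying this explicitly in the paragraph beginning "The Base System project has come to the conclusion", and telling readers to have replacement packet-filter rules in place, or the flag set in package.use, before the rebuild. Minor style point: the first two Display-If-Installed entries (net-analyzer/argus-clients and net-ftp/proftpd) sit outside the otherwise alphabetical list.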
87
88
89 --
90 Best regards,
91 Alexey "DarthGandalf" Sokolov