Gentoo Archives: gentoo-dev

From: Sam James <sam@g.o>
To: gentoo-dev@l.g.o
Cc: David Seifert <soap@g.o>
Subject: Re: [gentoo-dev] [PATCH] 2021-08-01-tcpd-disabled: Remove USE=tcpd from make.defaults
Date: Thu, 29 Jul 2021 01:34:03
Message-Id: E2817F41-C812-4324-8A8D-B1A2695C2132@gentoo.org
In Reply to: [gentoo-dev] [PATCH] 2021-08-01-tcpd-disabled: Remove USE=tcpd from make.defaults by David Seifert
1 > On 27 Jul 2021, at 13:32, David Seifert <soap@g.o> wrote:
2 >
3 > Signed-off-by: David Seifert <soap@g.o>
4 > ---
5 > .../2021-08-01-tcpd-disabled.en.txt | 62 +++++++++++++++++++
6 > 1 file changed, 62 insertions(+)
7 > create mode 100644 2021-08-01-tcpd-disabled/2021-08-01-tcpd-disabled.en.txt
8 >
9 > diff --git a/2021-08-01-tcpd-disabled/2021-08-01-tcpd-disabled.en.txt b/2021-08-01-tcpd-disabled/2021-08-01-tcpd-disabled.en.txt
10 > new file mode 100644
11 > index 0000000..3631de3
12 > --- /dev/null
13 > +++ b/2021-08-01-tcpd-disabled/2021-08-01-tcpd-disabled.en.txt
14 > @@ -0,0 +1,62 @@
15 > +Title: USE=tcpd no longer globally enabled
16 > +Author: David Seifert <soap@g.o>
17 > +Posted: 2021-08-01
18 > +Revision: 1
19 > +News-Item-Format: 2.0
20 > [snip]
21 > +
22 > +On 2021-11-01, we will remove USE="tcpd" from the globally default
23 > +enabled USE flags. USE="tcpd" usually enables sys-apps/tcp-wrappers
24 > +for an adhoc firewall based on /etc/hosts.allow and /etc/hosts.deny.
25 > +
26
27 This lgtm overall and thanks for working on it. Some minor comments below.
28
29 Could you file and reference a bug within the news item (and in the commit
30 message for the news item) to allow issues to be raised in one place by users?
31
32 > +The base system project has come to the conclusion that 24 years after
33
34 s/base system/Base System/.
35
36 > +the last upstream release, tcp-wrappers is not relevant in 2021 anymore.
37
38 How about: "tcp-wrappers is not suitable for a default configuration in 2021 anymore."?
39
40 > +Other distributions have completely removed support at this point. If
41 > +you rely on tcp-wrappers, you can re-enable the flag. We strongly
42 > +recommend you switch to more modern packet filters, such as BPF,
43 > +nftables or iptables.
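Review bot: The paragraph ending "nftables or iptables." tells users who rely on tcp-wrappers that they can re-enable the flag, but the quoted lines do not say what happens to users who do nothing. Once packages are rebuilt without USE="tcpd", rules in /etc/hosts.allow and /etc/hosts.deny are no longer consulted by those packages, and nothing warns about it. Suggest adding a sentence asking users to check both files for active rules before 2021-11-01 and to either set the flag or move the rules to a packet filter before the default changes. Separately, "adhoc" in the first paragraph should read "ad hoc".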
44
45 Let's add that we recommend users who specifically rely on functionality,
46 including tcpd, can and should enable it specifically for that package
47 via their package manager's configuration? (make.conf/package.use for
48 Portage).
49
50 We'll link to https://wiki.gentoo.org/wiki//etc/portage/package.use.
51
52 best,
53 sam
