Subject: Re: [netatalk-admins] a cold wind bloweth
From: Michael Han (mikehan@best.com)
Date: Wed Jun 09 1999 - 15:28:02 EDT
Previously...
>It's not philosophical at all netatalk is netatalk and not TCPwrappers.
>The TCPwrappers people should worry about TCPwrapper problems. Expecting
>netatalk people to worry about TCPwrapper problems is foolish. Besides,
>when I install netatalk I just want to install netatalk not netatalk and
>TCPwrappers. I can get my own, and possibly more recent version of
>TCPwrappers. Modularity is good not evil. Besides, perhaps all of my
>boxes are behind a firewall and I don't need the overhead of TCPwrappers
>at all.
>
>I disagree, users hate to be patronized. If netatalk gets a bad rep for
>being a security hole then it is rightfully so and that's why one should
>use firewalling or TCPwrapping with it. I'd rather have netatalk get a
>bad rep than a bad wrap. (pun intended)
The point is that if you distribute a precompiled binary of netatalk,
TCP wrapper support is a *compile-time* option. Once you've got a
built binary, you can't go back and add the support for wrappers
(actually, I think you can, but not the easy way). So does the package
builder assume the package installer wants security or doesn't want
it?
Good package management systems allow a system to declare
dependencies. netatalk should be distributed built with wrappers, and
simply require wrapper support and declare this fact through the
package dependency.
At least that's my opinion. Feel free to disagree, but if we're
talking about RPM, there are contrib'd TCP wrappers packages and it
should be easy enough to write netatalk's spec file to require that
package.
-- mikehan@best.com The Christmas pageant does not stink - The collected wisdom of Bart Simpson
This archive was generated by hypermail 2b28 : Sat Dec 18 1999 - 16:16:48 EST