Package: tcp-wrappers
Version: N/A
Severity: normal
Tags: patch
Dear Debian maintainer,
On Saturday, March 31, 2007, I notified you of the beginning of a review process
concerning debconf templates for tcp-wrappers.
The debian-l10n-english contributors have now reviewed these templates,
and the proposed changes are attached to this bug report.
Please review the suggested changes are suggested, and if you have any
objections, let me know in the next 3 days.
Please try to avoid uploading tcp-wrappers with these changes right now.
The second phase of this process will begin on Sunday, April 15, 2007, when I
will
coordinate updates to translations of debconf templates.
The existing translators will be notified of the changes: they will
receive an updated PO file for their language.
Simultaneously, a general call for new translations will be sent to
the debian-i18n mailing list.
Both these calls for translations will request updates to be sent as
individual bug reports. That will probably trigger a lot of bug
reports against your package, but these should be easier to deal with.
The call for translation updates and new translations will run until
Friday, April 27, 2007. Please avoid uploading a package with fixed or changed
debconf templates and/or translation updates in the meantime. Of
course, other changes are safe.
On Saturday, April 28, 2007, I will contact you again and will send a final
patch
summarizing all the updates (changes to debconf templates,
updates to debconf translations and new debconf translations).
Again, thanks for your attention and cooperation.
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'stable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/dash
Kernel: Linux 2.6.18-4-486
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
---
/home/bubulle/travail/debian/rewrite/LCFC/tcp-wrappers/tcp-wrappers.old/debian/tcpd.templates
2007-03-29 06:12:08.859218328 +0200
+++
/home/bubulle/travail/debian/rewrite/LCFC/tcp-wrappers/tcp-wrappers/debian/tcpd.templates
2007-03-31 19:48:37.171236923 +0200
@@ -1,21 +1,17 @@
Template: tcpd/paranoid-mode
Type: boolean
Default: false
-_description: Should tcpd setup paranoid hosts.allow and hosts.access?
- /etc/hosts.allow and /etc/hosts.deny will be setup since you do not have
- have any of these files yet. You can either have a generic and permissive
- configuration which will allow any incoming connection or a paranoid
- configuration which will not allow remote connections regardless of
- where they originate from.
+_description: Use paranoid settings in hosts.allow and hosts.access?
+ New /etc/hosts.allow and /etc/hosts.deny files for the TCP wrappers
+ daemon (tcpd) will be created as they do not exist yet.
.
- The second option, even if more secure, will block out all communication,
- including, for example, remote administration. So if you need this
- don't choose it.
+ You can choose between a generic and permissive configuration which
+ will allow any incoming connection or a paranoid configuration which
+ will not allow remote connections regardless of where they originate
+ from. The latter, even if more secure, will block out all
+ communication, including, for example, remote administration.
.
- Regardless of which option you select you can always manually edit both
- files to suit your needs, for this, review the hosts_access(5) manpage.
- This might include giving remote access of services to legitimate hosts.
- .
- Notice this only applies to internet services that use the libwrap library.
- Remote connections will still be possible to services that do not use
- this library, consider using firewall rules to block access to these.
+ Both files can be modified later to suit your needs as explained in
+ the hosts_access(5) manpage. These settings will only affect network
+ services that use the libwrap library. Restrictions for other
+ services should be established by using firewall rules.
---
/home/bubulle/travail/debian/rewrite/LCFC/tcp-wrappers/tcp-wrappers.old/debian/control
2007-03-29 06:12:08.855218296 +0200
+++
/home/bubulle/travail/debian/rewrite/LCFC/tcp-wrappers/tcp-wrappers/debian/control
2007-04-04 06:13:11.495566841 +0200
@@ -15,10 +15,12 @@
Wietse Venema's network logger, also known as TCPD or LOG_TCP.
.
These programs log the client host name of incoming telnet,
- ftp, rsh, rlogin, finger etc. requests. Security options are:
- access control per host, domain and/or service; detection of
- host name spoofing or host address spoofing; booby traps to
- implement an early-warning system.
+ ftp, rsh, rlogin, finger etc. requests.
+ .
+ Security options are:
+ - access control per host, domain and/or service;
+ - detection of host name spoofing or host address spoofing;
+ - booby traps to implement an early-warning system.
Package: libwrap0
Section: libs
@@ -31,10 +33,12 @@
Wietse Venema's network logger, also known as TCPD or LOG_TCP.
.
These programs log the client host name of incoming telnet,
- ftp, rsh, rlogin, finger etc. requests. Security options are:
- access control per host, domain and/or service; detection of
- host name spoofing or host address spoofing; booby traps to
- implement an early-warning system.
+ ftp, rsh, rlogin, finger etc. requests.
+ .
+ Security options are:
+ - access control per host, domain and/or service;
+ - detection of host name spoofing or host address spoofing;
+ - booby traps to implement an early-warning system.
Package: libwrap0-dev
Section: libdevel
@@ -47,7 +51,9 @@
Wietse Venema's network logger, also known as TCPD or LOG_TCP.
.
These programs log the client host name of incoming telnet,
- ftp, rsh, rlogin, finger etc. requests. Security options are:
- access control per host, domain and/or service; detection of
- host name spoofing or host address spoofing; booby traps to
- implement an early-warning system.
+ ftp, rsh, rlogin, finger etc. requests.
+ .
+ Security options are:
+ - access control per host, domain and/or service;
+ - detection of host name spoofing or host address spoofing;
+ - booby traps to implement an early-warning system.
