Comment 14 for bug 235653

Steve Langasek (vorlon) wrote : Re: [Bug 235653] Re: [SRU] ACL covering all IPv4 addresses is broken in 2.2.1

On Wed, Aug 27, 2008 at 12:37:20AM -0000, Charles Lepple wrote:
> > Well, most sysadmins that I know, including the sysadmin that is
> > me :),
> > prefer security in depth and don't want an either-or choice between
> > application-level and system-level ACLs.

> Understood, but at the very least, application-level ACLs are
> probably better handled by something like libwrap, with a common
> syntax, and a more thoroughly-inspected codebase. We don't want to
> lull users into thinking that the NUT ACLs are a complete replacement
> for firewall rules.

Well, that's fine (though I think any user who concludes that an
application-level ACL implementation is a complete replacement for firewall
rules has really not been paying attention); but I don't think philosophical
points about whether the ACL feature should be used are a very strong
justification for a stable release update.

> > That's not a meaningful solution for users who want to allow remote
> > access from certain addresses and only have one interface.

> This is starting to stray from the original issue in this bug
> regarding 2.2.1. I don't want to misrepresent the intentions of the
> rest of the NUT team - do you mind if I quote this message and some
> history on the NUT developer list, and CC you?

Yes, that's fine.

On Tue, Sep 02, 2008 at 01:14:11PM -0000, Arnaud Quette wrote:

> about the NUT ACL removal, the idea is simply that it's better managed
> by a central system like the firewall, which offers more features in a
> central point.

That is contrary to the best practices security model relied upon by nearly
all network servers. I don't think that's an improvement, really; but
that's fairly off-topic for this bug report.

Anyway, based on the evidence I stand by the conclusion that the impact of
this bug is not severe enough to warrant an SRU; I'm rejecting the upload
from the queue now.