Hi all, Does anyone know what the status is of Hideaki Yoshifuji's IPv6 ACL patch? He's submitted this twice now, and that was 3 months ago. Judging by the comments made when this was submitted, it's apparently not understood how important this is. - if you IPv6 on your rsync server, you can not secure it with "hosts allow". - if you enable IPv6 on an rsync server that's secured with "hosts deny" to keep certain hosts out, well, they can get in again -- if they also have IPv6. Please, can this patch be merged into the next release? This is very important! It is NOT new functionality, it's a security fix. Bert Vermeulen bert@biot.com -- Profanity is the inevitable linguistic crutch of the inarticulate motherfucker.
Bert Vermeulen wrote:> Hi all, > > Does anyone know what the status is of Hideaki Yoshifuji's IPv6 ACL > patch? He's submitted this twice now, and that was 3 months ago. > Judging by the comments made when this was submitted, it's apparently > not understood how important this is. > > - if you IPv6 on your rsync server, you can not secure it with "hosts > allow". > > - if you enable IPv6 on an rsync server that's secured with "hosts > deny" to keep certain hosts out, well, they can get in again -- if > they also have IPv6. > > Please, can this patch be merged into the next release? This is very > important! It is NOT new functionality, it's a security fix.I think the problem is that wget currently has *no active maintainers*. Based on a recent thread, there is no-one with CVS commit priviledges who reads this list. Max.
Even though rsync maintenance isn't as bad as wget's, the maintainers
are all VERY part time so that is a big part of the problem. Most of us
don't have ipv6 systems to test things on. Can you vouch for the quality
of the patch? I was able to get it with
wget --passive
ftp://ftp.linux-ipv6.org/pub/usagi/misc/rsync-2_5_5-v6auth-20021016.patch.gz
and it looks quite extensive.
- Dave
On Sun, Jan 05, 2003 at 03:53:13AM +0100, Bert Vermeulen
wrote:> Hi all,
>
> Does anyone know what the status is of Hideaki Yoshifuji's IPv6 ACL
patch?
> He's submitted this twice now, and that was 3 months ago. Judging by
the
> comments made when this was submitted, it's apparently not understood
how
> important this is.
>
> - if you IPv6 on your rsync server, you can not secure it with "hosts
> allow".
>
> - if you enable IPv6 on an rsync server that's secured with "hosts
deny" to
> keep certain hosts out, well, they can get in again -- if they also have
> IPv6.
>
> Please, can this patch be merged into the next release? This is very
> important! It is NOT new functionality, it's a security fix.
>
>
> Bert Vermeulen
> bert@biot.com