Gentoo Archives: gentoo-dev

From: Christian Birchinger <joker@g.o>
To: gentoo-dev@l.g.o
Subject: Re: [gentoo-dev] suggestion: virtual/telnet
Date: Sun, 28 Dec 2003 14:52:47
1 I'm the last person who would want infos and help on emerge
2 removed but that sounds like too much baby sitting.
3 I like Gentoo for not enabling the server daemon by default
4 after emerge. That's the "protection" i expect and like.
5 But i dislike when my distribution tries to be smarter than
6 the user. If you want to warn the user then a ewarn after
7 emerge has to be enough becauee everything else annoys too
8 much.
10 And telnet isn't bad by default. I use the client for various
11 tests and have it installed on all my machines because sometimes
12 it's just simpler than netcat magic etc.
14 On Sat, Dec 27, 2003 at 09:55:02PM -0500, Allen Parker wrote:
15 > I must pipe up on this one. When a user asks for "telnet" they're usually
16 > not aware of the security risks involved. (kinda makes me wonder why it's
17 > installed by default on Debian :-\) Probably the best way to handle this is
18 > to create a virtual/telnet and add a default package that when uninstalled
19 > displays a basic readme saying telnet isn't secure and why, asks the user if
20 > they still want to do it, and THEN after they've confirmed that they do in
21 > fact want telnet, allow them to emerge whichever telnet they choose.
22 >
23 > So, to re-state because I'm not even sure what I said up there:
24 > Create package block-telnet that does as it's name implies, blocks the
25 > virtual/telnet package so that no other telnetd/telnet client may be emerged
26 > without removing it first.
27 > Setup block-telnet to install something like /usr/share/doc/telnet-readme
28 > (the contents of the same thing you read when you remove block-telnet) and
29 > upon unmerge fire off a simple shell script that less's the same file
30 > (hidden) that is telnet-readme with a yes/no choice saying are you sure you
31 > wish to remove me?
32 > Add block-telnet -> virtual/telnet as a virtual/telnet blocker by default
33 > for all arch/stage/devel profiles under system instead of world and make it
34 > a default package (like nano) for Gentoo 2004.
35 >
36 > It honestly seems to me that this would probably take any dev minutes to set
37 > the virtual up this way and it would also allow very fast, short answers in
38 > regards to getting questions on telnet:
39 >
40 > Eg:
41 > User: how do I install telnet?
42 > Dev: emerge unmerge block-telnet ... and read what it says.
43 > User: thanks for your help!
44 >
45 > That's my 2/100ths of a monetary unit.
46 > Allen Parker
47 >
48 > PS: when used in this manner, it's hardly cruft.
50 --
51 gentoo-dev@g.o mailing list