On Sat, 27 Dec 2003 21:44:06 -0500
"Allen Parker" <allenp@×××.org> wrote:

> > So, to re-state because I'm not even sure what I said up there:
> > Create package block-telnet that does as its name implies, blocks the
> > virtual/telnet package so that no other telnetd/telnet client may be
> > emerged without removing it first.
> > Set up block-telnet to install something like
> > /usr/share/doc/telnet-readme (the contents of the same thing you read
> > when you remove block-telnet) and upon unmerge fire off a simple shell
> > script that less's the same file (hidden) that is telnet-readme with a
> > yes/no choice saying are you sure you wish to remove me?
> > Add block-telnet -> virtual/telnet as a virtual/telnet blocker by
> > default for all arch/stage/devel profiles under system instead of
> > world and make it a default package (like nano) for Gentoo 2004.

I don't believe our intention or goal is to proactively protect the user
from their own possible stupidity. Telnet is still rather viable for
things (think terminal servers) and has many applications where security
may not be a concern.

If we were going to apply this logic, we'd have to do the same for all web
browsers that don't support SSL, all LDAP clients and servers that don't
support SSL or any other programs that transmit data in the clear across
the network.

I believe one of the reasons openssh is in the default system profile is
to help increase security in this regard.

Cheers,
--
Jason Wever
Gentoo/Sparc Co-Team Lead