| 1 |
On Sat, 27 Dec 2003 21:55:02 -0500 "Allen Parker" <allenp@×××.org> |
| 2 |
wrote: |
| 3 |
| I must pipe up on this one. When a user asks for "telnet" they're |
| 4 |
| usually not aware of the security risks involved. (kinda makes me |
| 5 |
| wonder why it's installed by default on Debian :-\) Probably the best |
| 6 |
| way to handle this is to create a virtual/telnet and add a default |
| 7 |
| package that when uninstalled displays a basic readme saying telnet |
| 8 |
| isn't secure and why, asks the user if they still want to do it, and |
| 9 |
| THEN after they've confirmed that they do in fact want telnet, allow |
| 10 |
| them to emerge whichever telnet they choose. |
| 11 |
|
| 12 |
Actually, all of the telnet clients in portage contain a special |
| 13 |
Gentoo-specific patch which enables rot26 cryptography (a technology |
| 14 |
developed by UC Berkeley for NASA) for extra security. This rather |
| 15 |
ingenious symmetric algorithm is entirely backwards compatible with |
| 16 |
existing servers, and does not even require any server-side updates. We |
| 17 |
have a mysterious guy known only as 'Gregg' to thank for these. |
| 18 |
|
| 19 |
-- |
| 20 |
Ciaran McCreesh |
| 21 |
Mail: ciaranm at gentoo.org |
| 22 |
Web: http://dev.gentoo.org/~ciaranm |
Archives