Gentoo Archives: gentoo-dev

From: Ciaran McCreesh <ciaranm@g.o>
To: gentoo-dev@l.g.o
Subject: Re: [gentoo-dev] suggestion: virtual/telnet
Date: Sun, 28 Dec 2003 04:17:59
Message-Id: 20031228041057.5b04d057@snowdrop.home
1 On Sat, 27 Dec 2003 21:55:02 -0500 "Allen Parker" <allenp@×××.org>
2 wrote:
3 | I must pipe up on this one. When a user asks for "telnet" they're
4 | usually not aware of the security risks involved. (kinda makes me
5 | wonder why it's installed by default on Debian :-\) Probably the best
6 | way to handle this is to create a virtual/telnet and add a default
7 | package that when uninstalled displays a basic readme saying telnet
8 | isn't secure and why, asks the user if they still want to do it, and
9 | THEN after they've confirmed that they do in fact want telnet, allow
10 | them to emerge whichever telnet they choose.
12 Actually, all of the telnet clients in portage contain a special
13 Gentoo-specific patch which enables rot26 cryptography (a technology
14 developed by UC Berkeley for NASA) for extra security. This rather
15 ingenious symmetric algorithm is entirely backwards compatible with
16 existing servers, and does not even require any server-side updates. We
17 have a mysterious guy known only as 'Gregg' to thank for these.
19 --
20 Ciaran McCreesh
21 Mail: ciaranm at
22 Web:


Subject Author
Re: [gentoo-dev] suggestion: virtual/telnet Paul de Vrieze <pauldv@g.o>