1 |
On Sat, 27 Dec 2003 21:55:02 -0500 "Allen Parker" <allenp@×××.org> |
2 |
wrote: |
3 |
| I must pipe up on this one. When a user asks for "telnet" they're |
4 |
| usually not aware of the security risks involved. (kinda makes me |
5 |
| wonder why it's installed by default on Debian :-\) Probably the best |
6 |
| way to handle this is to create a virtual/telnet and add a default |
7 |
| package that when uninstalled displays a basic readme saying telnet |
8 |
| isn't secure and why, asks the user if they still want to do it, and |
9 |
| THEN after they've confirmed that they do in fact want telnet, allow |
10 |
| them to emerge whichever telnet they choose. |
11 |
|
12 |
Actually, all of the telnet clients in portage contain a special |
13 |
Gentoo-specific patch which enables rot26 cryptography (a technology |
14 |
developed by UC Berkeley for NASA) for extra security. This rather |
15 |
ingenious symmetric algorithm is entirely backwards compatible with |
16 |
existing servers, and does not even require any server-side updates. We |
17 |
have a mysterious guy known only as 'Gregg' to thank for these. |
18 |
|
19 |
-- |
20 |
Ciaran McCreesh |
21 |
Mail: ciaranm at gentoo.org |
22 |
Web: http://dev.gentoo.org/~ciaranm |