Control: severity -1 important Hi again,
FYI I just uploaded netkit-telnet with two changes: - orphan package - include patch to fix crash on nessus scan On Mon, Feb 15, 2021 at 02:21:04AM +0100, Chris Hofstaedtler wrote: > I was hoping someone would jump in here and say "I'm using a telnet > server in 2021, and want to maintain it". But... not happening > apparently. Still hoping for Christoph Biedl to take it, but the package is now orphaned since he did not respond (yet) to my previous mail. > > Personally I would favor keeping netkit-telnet, but turning off > telnetd. As Salvatore said, this might have to wait for bookworm. IMO netcat is a better telnet client. We could possibly have a telnet package that just symlinks telnet to netcat for easier discoverability by users who hear telnet and are not familiar with netcat. (That could possibly also help my problem which is remembering which netcat implementation is the saner one.) If the telnet daemon is removed, I think you could just as well RM src:netkit-telnet entirely.... I'm personally also aware of people writing new telnet client/server code right now (even in 2021!). Their code is likely not less buggy, but what do I know..... I'd rather see them use existing implementation and improve on those if needed, but my argumentation gets harder if those are removed from the archives. (I don't have a problem with people using telnet technology if used/contained on trusted premises or accessible only via some transport layer security like a VPN.) Right now we offer several implementations and to me they all seem equally bad and un(der)maintained from a quick glance, but maybe we should just find one implementation that we promote usage of and get rid of the others. I noticed that busybox also has a telnetd applet that is currently disabled. Maybe it would be something to investigate if that's a better option to enable as hopefully busybox is a good active upstream (but I don't know how they view or care about their own telnet implementation). > > Maybe upload the patch now (closing both bugs), and I'll see if I > remember to remove telnetd for bookworm? :-) I think reopening this discussion early in bookworm is much better. In general if we remove stuff early, we have a good chance to see if people miss it and alot of time to try to convince people to try other solutions and if that fails still have time to re-introduce things before freeze happens.... For now I'm lowering the severity below RC (maybe we should just close this bug report. Feel free to do so as far as I'm concerned atleast). And as said, if you go for removal please just remove the entire source. Regards, Andreas Henriksson
