> -----Original Message----- > From: news [mailto:[EMAIL PROTECTED] Behalf Of Duncan > Sent: 24 February 2007 15:10 > To: [email protected] > Subject: [gentoo-desktop] Openssh really needed in desktop profiles? > > In fact, despite the fact that I've been running Gentoo since > early 2004, > I've /never/ had ssh on the system, AFAIK. It has always > been injected > or in package.provided, since I never could see a reason to > have it on my > system, and as we all know, an unneeded and unused app on the > system is a > security vulnerability waiting to happen. Not only that, but > on Gentoo, > there's a significantly higher than normal maintenance > burden, give our > compile from sources general policy. Since I've not needed it in all > /that/ time, it should indeed be safe to remove from the > system list and > made a dependency for anything that /does/ need it. >
I was under the (possibly mistaken) impression that openssh was a relatively secure, stable package as one would hope from one of the staple packages for any remote *nix server. Also. 2min43s to compile 4.5_p1-r1 on a Core Duo running at 1.33GHz (while doing other things). /etc/ssh is 164k other confs in /etc are 12k total scp is 44k sftp is 68k /usr/bin/ssh* are <700k sshd is 300k. Plus docs and stuff. So it's not that long to compile, and only takes a few megs of space at most. I don't see a pressing reason to remove it by default - and it's a damn useful tool to have installed. Throw into that the confusion if people don't know it's been removed by default.... Anyone who knows they wont need it can easily remove it. Or do rc-update del sshd default. Just my £0.02 - the "aye been" approach I'm afraid. -- djn I do not represent anyone else in emails I send to this list.
