On Sat, 27 Dec 2003 21:44:06 -0500 "Allen Parker" <[EMAIL PROTECTED]> wrote:
> > So, to re-state because I'm not even sure what I said up there:
> > Create package block-telnet that does as its name implies, blocks the
> > virtual/telnet package so that no other telnetd/telnet client may be
> > emerged without removing it first.
> > Setup block-telnet to install something like
> > /usr/share/doc/telnet-readme (the contents of the same thing you read
> > when you remove block-telnet) and upon unmerge fire off a simple shell
> > script that less's the same file (hidden) that is telnet-readme with a
> > yes/no choice saying are you sure you wish to remove me?
> > Add block-telnet -> virtual/telnet as a virtual/telnet blocker by
> > default for all arch/stage/devel profiles under system instead of
> > world and make it a default package (like nano) for Gentoo 2004.

I don't believe our intention or goal is to proactively protect the user from their own possible stupidity. Telnet is still rather viable for things (think terminal servers) and has many applications where security may not be a concern. If we were going to apply this logic, we'd have to do the same for all web browsers that don't support SSL, all ldap clients and servers that don't support SSL or any other programs that transmit data in the clear across the network.

I believe one of the reasons openssh is in the default system profile is to help increase security in this regard.

Cheers,
--
Jason Wever
Gentoo/Sparc Co-Team Lead
