On Sat, 27 Dec 2003 21:55:02 -0500 "Allen Parker" <[EMAIL PROTECTED]> wrote: | I must pipe up on this one. When a user asks for "telnet" they're | usually not aware of the security risks involved. (kinda makes me | wonder why it's installed by default on Debian :-\) Probably the best | way to handle this is to create a virtual/telnet and add a default | package that when uninstalled displays a basic readme saying telnet | isn't secure and why, asks the user if they still want to do it, and | THEN after they've confirmed that they do in fact want telnet, allow | them to emerge whichever telnet they choose.
Actually, all of the telnet clients in portage contain a special Gentoo-specific patch which enables rot26 cryptography (a technology developed by UC Berkeley for NASA) for extra security. This rather ingenious symmetric algorithm is entirely backwards compatible with existing servers, and does not even require any server-side updates. We have a mysterious guy known only as 'Gregg' to thank for these. -- Ciaran McCreesh Mail: ciaranm at gentoo.org Web: http://dev.gentoo.org/~ciaranm
pgp00000.pgp
Description: PGP signature
