[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: ssh X forwarding change in FC3



On Thu, 06 Jan 2005 17:47:39 +0000, P draigbrady com <P draigbrady com> wrote:
> So can we change the upstream default back to what it used to be?

How about you convince the upstream developers at the openssh to
switch the default back, instead of laying the burden at the
distributor level to customize this.  I don't think its reasonable to
ask for  a security feature to be turned off at the distribution level
without a clear understanding as to why the upstream developers
decided to enable the extra security layer by default.  Have you
looked yet to see why the upstream developers decided to make this the
default?  Whatever reasons you can think of that would be a convincing
argument to change this inside Fedora, should be equally convincing to
the upstream project developers to get the default changed upstream
for greatest benefit and least amount of overall maintaince hassle by
each and every distributor.  Before seeing if its worth it to change
inside Fedora, there has to be an understanding of why the upstream
change was made.

Even if you don't agree with the change the upstream developers did it
for a reason and any discussion that tries to balance the tradeoff
between security and functionality must include a rational
presentation of both sides. the bugreport you have shown and the
mailinglist post you made show one side of the argument, but thats not
really enough. if you want to have a constructive dialog about
changing this feature, you must be able to point to the upstream
developer's rationale for making the default and pinpoint where their
reasons are faulty.
   
-jef"i find it somewhat ironic that a tool that describes itself as
'secure shell' can be defaulted too securely"spaleta


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]