On Thu, May 08, 2003 at 01:36:41PM +0100, Andrew Suffield wrote:
> On Thu, May 08, 2003 at 01:24:58PM +0200, Guus Sliepen wrote:
> > On Thu, May 08, 2003 at 01:56:18PM +0300, Lars Wirzenius wrote:
> >
> > > > Rsh-redone is a reimplementation of the remote shell clients and
> > > > servers. It is written from the ground up to avoid the bugs found in
> > > > the standard clients and servers.
> > >
> > > Such as transmitting passwords in cleartext or relying on IP numbers for
> > > authentication?
> >
> > Sigh, you're obviously trolling.
>
> So that would be a "no", then?
>
> > If you have a network that is already
> > secure (for example, behind a decent firewall, or a VPN), using ssh only
> > means lots of unnecessary overhead. The lack of security in rsh is not a
> > bug, it is just the way it is supposed to work.
>
> Security should be end-to-end, not point-to-point. The sheer number of
> times a site has been compromised because their "secure" network
> wasn't and somebody was using rsh...

So if you are consequent, we should immediately stop distributing ftp,
mail servers and clients that send clear text mails, web servers and
browsers, etc...

> People who can create a genuinely secure network are invited to start
> a consultancy firm; they could make millions.

It should be enough to give a warning in the description. This rsh
replacement would make sense if CPU time is crucial, e.g. for small,
embedded devices, or if you want to copy files over a Gigabit network.

Personally, I use scp even for iso images. Nevertheless, I still think
such a package does make sense.

Greetings,
Oliver
-- 
 .''`.
: :' :    Oliver Kurth oku@debian.org
`. `'     Debian GNU/Linux maintainer - www.debian.org
  `-