On Thu, May 08, 2003 at 10:09:31AM -0500, John Goerzen wrote: > On Thu, May 08, 2003 at 08:49:48AM -0500, Steve Langasek wrote: > > > Security should be end-to-end, not point-to-point. The sheer number of > > > times a site has been compromised because their "secure" network > > > wasn't and somebody was using rsh... > > > > I quite agree. We should be thinking about ways to remove the need for > > the *first* rsh implementation we ship, not adding another one. > rsh is a tool. It has its uses. On a network with no public access and > only trusted users (perhaps I personally run several computers), ssh is > overkill and can impede performance. > Are you suggesting that we also remove anything that can speak FTP, HTTP > without SSL, SMTP without SSL, finger, gopher, telnet, talk, or any number > of other protocols of that nature? If so, I respectfully suggest that you > are smoking something *very* good. > If not, then why pick on rsh? Because almost all of the above are *standards*, and rsh is an ugly hack? -- Steve Langasek postmodern programmer
Attachment:
pgpSiJM4fb590.pgp
Description: PGP signature