On Thu, May 08, 2003 at 01:36:41PM +0100, Andrew Suffield wrote: > > If you have a network that is already > > secure (for example, behind a decent firewall, or a VPN), using ssh only > > means lots of unnecessary overhead. The lack of security in rsh is not a > > bug, it is just the way it is supposed to work. > Security should be end-to-end, not point-to-point. The sheer number of > times a site has been compromised because their "secure" network > wasn't and somebody was using rsh... I quite agree. We should be thinking about ways to remove the need for the *first* rsh implementation we ship, not adding another one. -- Steve Langasek postmodern programmer
Attachment:
pgpwPZ6pSM85l.pgp
Description: PGP signature