[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Packages to remove from frozen

On Tue, Mar 07, 2000 at 11:26:12PM -0500, Michael Stone wrote:
> On Tue, Mar 07, 2000 at 03:13:36PM -0800, Joey Hess wrote:
> > Michael Stone wrote:
> > > Not very backward-compatible, is it? In some environments it's desirable
> > > to have the software behave the same on every platform; even if it's
> > > buggy, the bugs need to be consistent.
> > 
> > This is linux. We break backwards compatability if we have to do do things
> > *right*.
> How is it right to spit out an error message on every connection that
> adds nothing to most people's use of the product? Especially when there
> exists a verbose mode for people who want lots of gory details about the
> efficacy of their connection? SSH doesn't tell me the key length of
> connections *except* in this one case--which is not consistent, and
> which is not unambiguously "*right*" behavior.

Eh, well, it is correct[1] behavior to toss out an error message in this
case since it's notifying you of a *security* problem.  In fact, it's
telling you that the server key is half as secure as the server claims
it is.

If you and your users don't care about security then I'm sure the
error is a real pain in the ass.  Of course, if security isn't an
issue then you really don't need to use ssh at all.

Generally you complain about issues that have relevance.  I think
you've missed on this one.


Nathan Norman         "Eschew Obfuscation"          Network Engineer
GPG Key ID 1024D/51F98BB7            http://home.midco.net/~nnorman/
Key fingerprint = C5F4 A147 416C E0BF AB73  8BEF F0C8 255C 51F9 8BB7

[1] "Right" describes a direction, specifically the one opposite

Attachment: pgpOGZ7X7XGQa.pgp
Description: PGP signature

Reply to: