Re: Debian openssh option review: considering splitting out GSS-API key exchange

To: <debian-devel@lists.debian.org>
Subject: Re: Debian openssh option review: considering splitting out GSS-API key exchange
From: "Jonathan Dowland" <jmtd@debian.org>
Date: Wed, 03 Apr 2024 14:10:37 +0100
Message-id: <[🔎] D0AIGOSPA2VW.365BHRNRICXXU@debian.org>
In-reply-to: <[🔎] E1rrcLj-00000000PhY-0uI1@swivel>
References: <[🔎] ZgtRkoAZ13zPzgjN@riva.ucam.org> <[🔎] E1rrcLj-00000000PhY-0uI1@swivel>

On Tue Apr 2, 2024 at 12:30 PM BST, Marc Haber wrote:
> Please don't drop the mechanism that saved my¹ unstable installations
> from being vulnerable to the current xz-based attack. Just having to
> dump an ALL: ALL into /etc/hosts.deny is vastly easier than having to
> maintain a packet filter.

For you and fellow greybeards, perhaps: I'd be surprised if many people
younger than us have even heard of tcp wrappers. I don't think the
muscle memory of a diminishing set of users is a strong argument,
especially given it's a preference rather than a requirement, and
alternatives do exist.

-- 
Please do not CC me for listmail.

👱🏻	Jonathan Dowland
✎	 jmtd@debian.org
🔗	https://jmtd.net

Reply to:

Follow-Ups:
- Re: Debian openssh option review: considering splitting out GSS-API key exchange
  - From: Marc Haber <mh+debian-devel@zugschlus.de>

References:
- Debian openssh option review: considering splitting out GSS-API key exchange
  - From: Colin Watson <cjwatson@debian.org>
- Re: Debian openssh option review: considering splitting out GSS-API key exchange
  - From: Marc Haber <mh+debian-devel@zugschlus.de>

Prev by Date: Bug#1068317: ITP: python-pyzstd -- Facebook's Zstandard (or zstd as short name) algorithm for Python
Next by Date: Re: Debian openssh option review: considering splitting out GSS-API key exchange
Previous by thread: Re: Debian openssh option review: considering splitting out GSS-API key exchange
Next by thread: Re: Debian openssh option review: considering splitting out GSS-API key exchange
Index(es):
- Date
- Thread