Bug#679751: please clarify package account and home directory location in policy
Bill Allombert <Bill.Allombert@math.u-bordeaux1.fr> writes:
> On Tue, Jul 03, 2012 at 10:04:45AM -0700, Russ Allbery wrote:
>> Oh, right, for the client. Yes, yes.
>>
>> Well, personally I would not consider either the client's key or the
>> known_hosts file to be configuration files.
>
> In some common situations, the known_hosts is clearly a configuration
> file. If ssh is restricted to connection to known hosts, then the user
> is supposed to prefill the known_hosts file with the small set of hosts
> that are allowed, then it becomes a configuration file.

That is one possible way to use the file, but I think the common usage
of known_hosts is to do first-connect leap-of-faith, in which case it
doesn't behave like a configuration file.

I think it's perfectly acceptable to have an admin drop data into a
/var/lib directory for non-default configurations of packages. I wouldn't
use a hand-maintained file as the default configuration, since usually
it's too much pain for insufficient security gain.

But that's all just my opinion, and the known_hosts file is pretty easy to
also symlink into /etc if Marc disagrees and feels like, for this package,
it should really be hand-maintained.

The private key of the client is trickier to turn into a configuration
file, but there I really don't think it behaves like a configuration file

Russ Allbery (email@example.com) <http://www.eyrie.org/~eagle/>