Bug#483756: insist ssh-vulnkey -a be run by the administrator upon upgrade

To: jidanni@jidanni.org
Cc: suresh@hserus.net, 483756@bugs.debian.org
Subject: Bug#483756: insist ssh-vulnkey -a be run by the administrator upon upgrade
From: Colin Watson <cjwatson@debian.org>
Date: Sun, 8 Jun 2008 19:02:06 +0100
Message-id: <20080608180206.GR16645@riva.ucam.org>
Reply-to: Colin Watson <cjwatson@debian.org>, 483756@bugs.debian.org
In-reply-to: <87zlq2p7lr.fsf@jidanni.org>
References: <20080602080914.GR16645@riva.ucam.org> <87zlq2p7lr.fsf@jidanni.org>

On Wed, Jun 04, 2008 at 04:49:04AM +0800, jidanni@jidanni.org wrote:
> OK, thanks. Anyway
> http://www.useit.com/alertbox/designer-user-differences.html . OK, bye.

Likewise, users intentionally playing dumb aren't comparable to ordinary
users either. (Yes, everyone starts out with a blank slate; that doesn't
mean they all intentionally try to take the worst possible course.)
Furthermore, you apparently haven't really listened to my comments about
how sshd automatically blocks compromised keys; remember that the best
UI is always one where no UI is needed at all, where possible.
ssh-vulnkey is *supplemental* to the automatic blacklisting, not an
essential element of it.

Also, just as designers are not users, users are not designers. Each
must listen to the other in order to have a productive exchange. You
have a track record of simply firing stuff at designers and not
listening to what's said in return, which doesn't work any better than a
designer who refuses to listen to users. If, as you did in
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=483756#72, you propose
specific protocol changes, you must accept that you are attempting to
take the place of a designer and behave accordingly, which includes
performing research before proposing changes.

I'm not interested in any further e-mail from you on this subject, and
will delete it unread. I have made many improvements to the (admittedly
rather rushed) ssh-vulnkey implementation in response to user comments,
and I expect to continue to do so; indeed, I have taken considerable
time to respond to other issues you've raised, and have already made two
changes addressing comments you've made in this bug report.

However, I do not appreciate you dashing off two-line insults in return,
and will not make changes I consider to be incorrect simply because you
quote a usability URL at me (usability is extremely important, but
mustn't trump correctness). People who are willing to meet me half-way
rather than pretend superiority on the basis of a deliberate refusal to
learn are welcome to correspond on this subject if they so wish.

Regards,

-- 
Colin Watson                                       [cjwatson@debian.org]

Reply to:

Follow-Ups:
- Bug#483756: (no subject)
  - From: jidanni@jidanni.org

References:
- Bug#483756: insist ssh-vulnkey -a be run by the administrator upon upgrade
  - From: Colin Watson <cjwatson@debian.org>
- Bug#483756: insist ssh-vulnkey -a be run by the administrator upon upgrade
  - From: jidanni@jidanni.org

Prev by Date: Bug#484404: openssh: Update menu-item number for openssh-client-udeb
Next by Date: Processed: Re: Bug#484269: openssh-blacklist bloats small debian systems with sshd
Previous by thread: Bug#483756: insist ssh-vulnkey -a be run by the administrator upon upgrade
Next by thread: Bug#483756: (no subject)
Index(es):
- Date
- Thread