Subject: Re: Policy questions
To: Jason Thorpe <thorpej@wasabisystems.com>
From: Nathan J. Williams <nathanw@wasabisystems.com>
List: tech-userlevel
Date: 12/29/2003 22:04:47
Jason Thorpe <thorpej@wasabisystems.com> writes:
> On Dec 28, 2003, at 8:48 PM, Bruce J.A. Nourish wrote:
>
> > * Have we considered removing r{sh,cmd,cp} from the base distribution?
> > They are of dubious security and utility, and, I think, OpenBSD has
> > already ditched them.
>
> There are plenty of legitimate uses for the r* commands, especially on
> private (or otherwise secure) networks. I would strongly oppose
> removal of those commands.
I think we should keep the r* commands because people use them and I
believe in supplying rope, but I think that anyone who uses them in
the belief that some part of their network is "private" and thereby
secure is setting themselves up for a nasty surprise.
I would advocate that nobody should use the r* commands in their
thoroughly insecure (non-Kerberized) modes, but that NetBSD should
keep them until we can be sure nobody is using them anymore... which
is never.
- Nathan