Roland Dowdeswell wrote:
> 
> The mail that mentioned this change is:
> 
>         http://archives.neohapsis.com/archives/netbsd/2001-q3/0154.html
> 
> and the thread was the resulting discussion.
> 
Thank you.  I cannot tell which list that discussion was on, but I see 
that the change was made unilaterally, complaints were raised (including 
about the lack of prior discussion), and most of the arguments FOR the 
change were from 3 people.  Most of the arguments AGAINST were from well 
known operational and security folks, and the authors of SSH.

Yet the change stayed....  undocumented, more than a year later.

I particularly liked: 

  From: itojun@iijlab.net
  Date: Fri Aug 31 2001 - 17:26:33 CDT 
          I vote for whatever behavior compatible with stock OpenSSH, by default. 
          I don't think it wise to surprise people. 


  From: Sean Doran (smd@ebone.net)
  Date: Wed Sep 05 2001 - 14:05:23 CDT 

  ...  A few sentences 
  explaining why the flag is off by default as comments just before 
  the flag itself is possibly helpful to new users. Comment text 
  of any variety surely is not much inconvenience to someone who 
  wants to defeat the config defaults when settingup a new machine. 


  From: Steven M. Bellovin (smb@research.att.com)
  Date: Wed Sep 05 2001 - 22:09:33 CDT 

  ... People compensate for that with a 
  variety of hacks (often involving sudo) that tend to promote the 
  illusion of more security, but not the reality. And the reason for 
  that is that "privileged", non-root access to a machine is often 
  equivalent to root, but via a few extra, trivial steps. 

-- 
William Allen Simpson
    Key fingerprint =  17 40 5E 67 15 6F 31 26  DD 0D B9 9B 6A 15 2C 32