On Thu, 06 Jan 2005 17:47:39 +0000, P@xxxxxxxxxxxxxx <P@xxxxxxxxxxxxxx> wrote: > So can we change the upstream default back to what it used to be? How about you convince the upstream developers at the openssh to switch the default back, instead of laying the burden at the distributor level to customize this. I don't think its reasonable to ask for a security feature to be turned off at the distribution level without a clear understanding as to why the upstream developers decided to enable the extra security layer by default. Have you looked yet to see why the upstream developers decided to make this the default? Whatever reasons you can think of that would be a convincing argument to change this inside Fedora, should be equally convincing to the upstream project developers to get the default changed upstream for greatest benefit and least amount of overall maintaince hassle by each and every distributor. Before seeing if its worth it to change inside Fedora, there has to be an understanding of why the upstream change was made. Even if you don't agree with the change the upstream developers did it for a reason and any discussion that tries to balance the tradeoff between security and functionality must include a rational presentation of both sides. the bugreport you have shown and the mailinglist post you made show one side of the argument, but thats not really enough. if you want to have a constructive dialog about changing this feature, you must be able to point to the upstream developer's rationale for making the default and pinpoint where their reasons are faulty. -jef"i find it somewhat ironic that a tool that describes itself as 'secure shell' can be defaulted too securely"spaleta
