On Sun, 2015-02-22 at 22:33 +0000, Philip Hands wrote: > P.S. I take it that you were not trying to say that there's anything you > object to about the proposal to use "without-password" as the default? Yes,... the upstream default should be either without-password or simply no, actually, for security reasons I'd even prefer the later. In the days of fully automated installation, puppet and Co. it can't be so hard for sysadmins to change that value to something != no when this is what they really want. Distros, IMHO, can overwrite the defaults (if there's really good reason),... but only in the config files, where everyone sees this. Really changing the defaults in code is basically in most if not all cases plain wrong (the only exceptions I could think of is, when upstream would really set defaults which are horribly security critical or may cause data corruption or things like that). Cheers, Chris.
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev