If you mean put zero warnings and not 'wait until there are zero users' then I see in that a tacit agreement that indeed there comes a time when the userbase is small enough that it warrants removal/disablement (especially if there is a security concern, even more especially in security related software). Then it's just a question of when, and as is their custom and prerrogative, OpenSSH chose earlier than you would have liked in this case. Making such judgement calls is partially what made them the popular SSH client/server that they are. 2018-01-02 2:16 GMT-05:00 Haven Tristan Hash <havenster@xxxxxxxxx>: > > >> I think zero. > > > That seems like a pretty untenable position. > > Note that a less extreme stance than this (0!) still led OpenSSL to > support VMS, Netware and 16-bit Windows into 2014 and beyond. Creating a > larger, more complex codebase which contributed to security problems. > Security being the entire point, this was deemed by others (OpenBSD from > whence comes this very OpenSSH) to be counter-productive. OpenBSD then > forked and removed said support. So their philosophy on removing insecure > baggage is pretty clear and consistent. > > It seems like you grant the point that the 768 bit keys are insecure and > you don't mind, in which case you likely already have an easily accesible > command line option to access these devices called telnet. > > _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
