Re: [PATCH] introduce vendordir for easier config file update

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On Wed, Feb 03, Philipp Marek wrote:

> >> So if there is no admin provided configuration file, the vendor file 
> >> from
> >> /usr/share/ssh is used. If there is an admin provided configuration 
> >> file
> >> in /etc/ssh, this one will be used by default.
> > does nobody have an opinion about this?
> 
> Well, with your solution: if the vendor file gets some new security 
> settings,
> the admin file won't get them, and so the total security might go down.
> (Example: "Protocol 2")

If the admin creates an own copy, he has to maintain it like he has
today. If the admin makes changes today, he also don't get the new
security settings.

So in worst case, the situation is as of today, you are right. But not
in general.

  Thorsten

-- 
Thorsten Kukuk, Distinguished Engineer, Senior Architect SLES & MicroOS
SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, 90409 Nuernberg, Germany
Managing Director: Felix Imendoerffer (HRB 36809, AG Nürnberg)
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev




[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux