From: Christian Birchinger
To: gentoo-dev@lists.gentoo.org
Date: Sun, 28 Dec 2003 15:52:44 +0100
Message-ID: <20031228145244.GA17786@netswarm.net>
Subject: Re: [gentoo-dev] suggestion: virtual/telnet

I'm the last person who would want info and help on emerge removed, but that sounds like too much babysitting. I like Gentoo for not enabling the server daemon by default after emerge. That's the "protection" I expect and like. But I dislike when my distribution tries to be smarter than the user. If you want to warn the user then an ewarn after emerge has to be enough because everything else annoys too much.

And telnet isn't bad by default. I use the client for various tests and have it installed on all my machines because sometimes it's just simpler than netcat magic etc.

On Sat, Dec 27, 2003 at 09:55:02PM -0500, Allen Parker wrote:
> I must pipe up on this one. When a user asks for "telnet" they're usually
> not aware of the security risks involved. (kinda makes me wonder why it's
> installed by default on Debian :-\) Probably the best way to handle this is
> to create a virtual/telnet and add a default package that when uninstalled
> displays a basic readme saying telnet isn't secure and why, asks the user if
> they still want to do it, and THEN after they've confirmed that they do in
> fact want telnet, allow them to emerge whichever telnet they choose.
>
> So, to re-state because I'm not even sure what I said up there:
> Create package block-telnet that does as its name implies, blocks the
> virtual/telnet package so that no other telnetd/telnet client may be emerged
> without removing it first.
> Set up block-telnet to install something like /usr/share/doc/telnet-readme
> (the contents of the same thing you read when you remove block-telnet) and
> upon unmerge fire off a simple shell script that less's the same file
> (hidden) that is telnet-readme with a yes/no choice saying are you sure you
> wish to remove me?
> Add block-telnet -> virtual/telnet as a virtual/telnet blocker by default
> for all arch/stage/devel profiles under system instead of world and make it
> a default package (like nano) for Gentoo 2004.
>
> It honestly seems to me that this would probably take any dev minutes to set
> the virtual up this way and it would also allow very fast, short answers in
> regards to getting questions on telnet:
>
> Eg:
> User: how do I install telnet?
> Dev: emerge unmerge block-telnet ... and read what it says.
> User: thanks for your help!
>
> That's my 2/100ths of a monetary unit.
> Allen Parker
>
> PS: when used in this manner, it's hardly cruft.