Re: [gentoo-dev] suggestion: virtual/telnet

Re: [gentoo-dev] suggestion: virtual/telnet

[Mike Frysinger]

[-- Attachment #1: signed data --]
[-- Type: text/plain, Size: 426 bytes --]

On Saturday 27 December 2003 17:03, Spider wrote:
> net-misc/telnet-bsd
> net-misc/netkit-telnetd

since we dont really have anything requiring telnet (afaik) and telnet is not 
in profiles, having a virtual/telnet serves no purpose in terms of portage 
other than allowing users to type `emerge telnet` ...
when that fails, they could just as easily do `emerge -s telnet` and see both 
those packages imo ...
-mike

[-- Attachment #2: signature --]
[-- Type: application/pgp-signature, Size: 827 bytes --]

Re: [gentoo-dev] suggestion: virtual/telnet

[Georgi Georgiev]

[-- Attachment #1: Type: text/plain, Size: 646 bytes --]

maillog: 27/12/2003-19:34:49(-0500): Mike Frysinger types
> since we dont really have anything requiring telnet (afaik) and telnet is not 
> in profiles, having a virtual/telnet serves no purpose in terms of portage 
> other than allowing users to type `emerge telnet` ...

Well, it is easier for both packages to have !virtual/telnet in DEPEND in case
there comes another package that owns /usr/bin/telnet.

-- 
 /   Georgi Georgiev    / To generalize is to be an idiot. -- William   /
\     chutz@gg3.net    \  Blake                                        \
 /  +81(90)6266-1163    /                                               /

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]

Re: [gentoo-dev] suggestion: virtual/telnet

[Spider]

[-- Attachment #1: Type: text/plain, Size: 681 bytes --]

begin  quote
On Sat, 27 Dec 2003 23:06:14 +0000
Ciaran McCreesh <ciaranm@gentoo.org> wrote:

> On Sat, 27 Dec 2003 23:03:23 +0100 Spider <spider@gentoo.org> wrote:
> | Well,
> |   this is something that a lot of users ask about (how do I get
> |   telnet?)
> 
> Wouldn't it be better to educate the users to get rid of that 'type in
> emerge telnet to install telnet' mentality?
> 

That too, but since we have a nice virtuals support, why not use it when
we have multiple packages that stand for the same functionality? ;)

//Spider

-- 
begin  .signature
This is a .signature virus! Please copy me into your .signature!
See Microsoft KB Article Q265230 for more information.
end

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]

Re: [gentoo-dev] suggestion: virtual/telnet

[Mike Frysinger]

[-- Attachment #1: signed data --]
[-- Type: text/plain, Size: 226 bytes --]

On Saturday 27 December 2003 19:41, Spider wrote:
> That too, but since we have a nice virtuals support, why not use it when
> we have multiple packages that stand for the same functionality? ;)

because it's cruft ? :)
-mike

[-- Attachment #2: signature --]
[-- Type: application/pgp-signature, Size: 827 bytes --]

RE: [gentoo-dev] suggestion: virtual/telnet

[Allen Parker]

> -----Original Message-----
> From: Ciaran McCreesh [mailto:ciaranm@gentoo.org]
> Sent: Saturday, December 27, 2003 6:06 PM
> To: gentoo-dev@lists.gentoo.org
> Subject: Re: [gentoo-dev] suggestion: virtual/telnet
> 
> On Sat, 27 Dec 2003 23:03:23 +0100 Spider <spider@gentoo.org> wrote:
> | Well,
> |   this is something that a lot of users ask about (how do I get
> |   telnet?)
> 
> Wouldn't it be better to educate the users to get rid of that 'type in
> emerge telnet to install telnet' mentality?
> 
> --
> Ciaran McCreesh
> Mail:    ciaranm at gentoo.org
> Web:     http://dev.gentoo.org/~ciaranm



I must pipe up on this one. When a user asks for "telnet" they're usually
not aware of the security risks involved. (kinda makes me wonder why it's
installed by default on Debian :-\) Probably the best way to handle this is
to create a virtual/telnet and add a default package that when uninstalled
displays a basic readme saying telnet isn't secure and why, asks the user if
they still want to do it, and THEN after they've confirmed that they do in
fact want telnet, allow them to emerge whichever telnet they choose.

So, to re-state because I'm not even sure what I said up there:
Create package block-telnet that does as it's name implies, blocks the
virtual/telnet package so that no other telnetd/telnet client may be emerged
without removing it first.
Setup block-telnet to install something like /usr/share/doc/telnet-readme
(the contents of the same thing you read when you remove block-telnet) and
upon unmerge fire off a simple shell script that less's the same file
(hidden) that is telnet-readme with a yes/no choice saying are you sure you
wish to remove me?
Add block-telnet -> virtual/telnet as a virtual/telnet blocker by default
for all arch/stage/devel profiles under system instead of world and make it
a default package (like nano) for Gentoo 2004.

It honestly seems to me that this would probably take any dev minutes to set
the virtual up this way and it would also allow very fast, short answers in
regards to getting questions on telnet:

Eg:
User: how do I install telnet?
Dev: emerge unmerge block-telnet ... and read what it says.
User: thanks for your help!

That's my 2/100ths of a monetary unit.
Allen Parker

PS: when used in this manner, it's hardly cruft.


--
gentoo-dev@gentoo.org mailing list

Re: [gentoo-dev] suggestion: virtual/telnet

[Ciaran McCreesh]

[-- Attachment #1: Type: text/plain, Size: 1109 bytes --]

On Sat, 27 Dec 2003 21:55:02 -0500 "Allen Parker" <allenp@efn.org>
wrote:
| I must pipe up on this one. When a user asks for "telnet" they're
| usually not aware of the security risks involved. (kinda makes me
| wonder why it's installed by default on Debian :-\) Probably the best
| way to handle this is to create a virtual/telnet and add a default
| package that when uninstalled displays a basic readme saying telnet
| isn't secure and why, asks the user if they still want to do it, and
| THEN after they've confirmed that they do in fact want telnet, allow
| them to emerge whichever telnet they choose.

Actually, all of the telnet clients in portage contain a special
Gentoo-specific patch which enables rot26 cryptography (a technology
developed by UC Berkeley for NASA) for extra security. This rather
ingenious symmetric algorithm is entirely backwards compatible with
existing servers, and does not even require any server-side updates. We
have a mysterious guy known only as 'Gregg' to thank for these.

-- 
Ciaran McCreesh
Mail:    ciaranm at gentoo.org
Web:     http://dev.gentoo.org/~ciaranm


[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]

Re: [gentoo-dev] suggestion: virtual/telnet

[Paul de Vrieze]

[-- Attachment #1: signed data --]
[-- Type: text/plain, Size: 752 bytes --]

On Sunday 28 December 2003 05:10, Ciaran McCreesh wrote:
> On Sat, 27 Dec 2003 21:55:02 -0500 "Allen Parker" <allenp@efn.org>

> Actually, all of the telnet clients in portage contain a special
> Gentoo-specific patch which enables rot26 cryptography (a technology
> developed by UC Berkeley for NASA) for extra security. This rather
> ingenious symmetric algorithm is entirely backwards compatible with
> existing servers, and does not even require any server-side updates. We
> have a mysterious guy known only as 'Gregg' to thank for these.

HAHAHAHAHA

Paul
ps. to all the people not in the know, this is a joke as rot26 is rubbish.

-- 
Paul de Vrieze
Gentoo Developer
Mail: pauldv@gentoo.org
Homepage: http://www.devrieze.net

[-- Attachment #2: signature --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

Re: [gentoo-dev] suggestion: virtual/telnet

[Christian Birchinger]

I'm the last person who would want infos and help on emerge
removed but that sounds like too much baby sitting.
I like Gentoo for not enabling the server daemon by default
after emerge. That's the "protection" i expect and like.
But i dislike when my distribution tries to be smarter than
the user. If you want to warn the user then a ewarn after
emerge has to be enough becauee everything else annoys too
much.

And telnet isn't bad by default. I use the client for various
tests and have it installed on all my machines because sometimes
it's just simpler than netcat magic etc.

On Sat, Dec 27, 2003 at 09:55:02PM -0500, Allen Parker wrote:
> I must pipe up on this one. When a user asks for "telnet" they're usually
> not aware of the security risks involved. (kinda makes me wonder why it's
> installed by default on Debian :-\) Probably the best way to handle this is
> to create a virtual/telnet and add a default package that when uninstalled
> displays a basic readme saying telnet isn't secure and why, asks the user if
> they still want to do it, and THEN after they've confirmed that they do in
> fact want telnet, allow them to emerge whichever telnet they choose.
> 
> So, to re-state because I'm not even sure what I said up there:
> Create package block-telnet that does as it's name implies, blocks the
> virtual/telnet package so that no other telnetd/telnet client may be emerged
> without removing it first.
> Setup block-telnet to install something like /usr/share/doc/telnet-readme
> (the contents of the same thing you read when you remove block-telnet) and
> upon unmerge fire off a simple shell script that less's the same file
> (hidden) that is telnet-readme with a yes/no choice saying are you sure you
> wish to remove me?
> Add block-telnet -> virtual/telnet as a virtual/telnet blocker by default
> for all arch/stage/devel profiles under system instead of world and make it
> a default package (like nano) for Gentoo 2004.
> 
> It honestly seems to me that this would probably take any dev minutes to set
> the virtual up this way and it would also allow very fast, short answers in
> regards to getting questions on telnet:
> 
> Eg:
> User: how do I install telnet?
> Dev: emerge unmerge block-telnet ... and read what it says.
> User: thanks for your help!
> 
> That's my 2/100ths of a monetary unit.
> Allen Parker
> 
> PS: when used in this manner, it's hardly cruft.

--
gentoo-dev@gentoo.org mailing list

FW: [gentoo-dev] suggestion: virtual/telnet

[Allen Parker]

Sorry, the first time I sent it, I hit the wrong reply button.

> -----Original Message-----
> From: Allen Parker [mailto:allenp@efn.org]
> Sent: Saturday, December 27, 2003 7:32 PM
> To: 'Ciaran McCreesh'
> Subject: RE: [gentoo-dev] suggestion: virtual/telnet
> 
> I must pipe up on this one. When a user asks for "telnet" they're usually
> not aware of the security risks involved. (kinda makes me wonder why it's
> installed by default on Debian :-\) Probably the best way to handle this
> is to create a virtual/telnet and add a default package that when
> uninstalled displays a basic readme saying telnet isn't secure and why,
> asks the user if they still want to do it, and THEN after they've
> confirmed that they do in fact want telnet, allow them to emerge whichever
> telnet they choose.
> 
> So, to re-state because I'm not even sure what I said up there:
> Create package block-telnet that does as it's name implies, blocks the
> virtual/telnet package so that no other telnetd/telnet client may be
> emerged without removing it first.
> Setup block-telnet to install something like /usr/share/doc/telnet-readme
> (the contents of the same thing you read when you remove block-telnet) and
> upon unmerge fire off a simple shell script that less's the same file
> (hidden) that is telnet-readme with a yes/no choice saying are you sure
> you wish to remove me?
> Add block-telnet -> virtual/telnet as a virtual/telnet blocker by default
> for all arch/stage/devel profiles under system instead of world and make
> it a default package (like nano) for Gentoo 2004.
> 
> It honestly seems to me that this would probably take any dev minutes to
> set the virtual up this way and it would also allow very fast, short
> answers in regards to getting questions on telnet:
> 
> Eg:
> User: how do I install telnet?
> Dev: emerge unmerge block-telnet ... and read what it says.
> User: thanks for your help!
> 
> That's my 2/100ths of a monetary unit.
> Allen Parker
> 
> > -----Original Message-----
> > From: Ciaran McCreesh [mailto:ciaranm@gentoo.org]
> > Sent: Saturday, December 27, 2003 6:06 PM
> > To: gentoo-dev@lists.gentoo.org
> > Subject: Re: [gentoo-dev] suggestion: virtual/telnet
> >
> > On Sat, 27 Dec 2003 23:03:23 +0100 Spider <spider@gentoo.org> wrote:
> > | Well,
> > |   this is something that a lot of users ask about (how do I get
> > |   telnet?)
> >
> > Wouldn't it be better to educate the users to get rid of that 'type in
> > emerge telnet to install telnet' mentality?
> >
> > --
> > Ciaran McCreesh
> > Mail:    ciaranm at gentoo.org
> > Web:     http://dev.gentoo.org/~ciaranm



--
gentoo-dev@gentoo.org mailing list

Re: [gentoo-dev] suggestion: virtual/telnet

[Jason Wever]

[-- Attachment #1: Type: text/plain, Size: 1514 bytes --]

On Sat, 27 Dec 2003 21:44:06 -0500
"Allen Parker" <allenp@efn.org> wrote:

> > So, to re-state because I'm not even sure what I said up there:
> > Create package block-telnet that does as it's name implies, blocks the
> > virtual/telnet package so that no other telnetd/telnet client may be
> > emerged without removing it first.
> > Setup block-telnet to install something like
> > /usr/share/doc/telnet-readme(the contents of the same thing you read
> > when you remove block-telnet) and upon unmerge fire off a simple shell
> > script that less's the same file(hidden) that is telnet-readme with a
> > yes/no choice saying are you sure you wish to remove me?
> > Add block-telnet -> virtual/telnet as a virtual/telnet blocker by
> > default for all arch/stage/devel profiles under system instead of
> > world and make it a default package (like nano) for Gentoo 2004.

I don't believe our intention or goal is to proactively protect the user
from their own possible stupidity.  Telnet is still rather viable for
things (think terminal servers) and has many applications where security
may not be a concern.  

If we were going to apply this logic, we'd have to do the same for all web
browsers that don't support SSL, all ldap clients and servers that don't
support SSL or any other programs that transmit data in the clear across
the network.

I believe one of the reasons openssh is in the default system profile is
to help increase security in this regard.

Cheers,
-- 
Jason Wever
Gentoo/Sparc Co-Team Lead

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]

Re: [gentoo-dev] suggestion: virtual/telnet

[Mike Williams]

On Sunday 28 December 2003 03:34, Jason Wever wrote:

> I don't believe our intention or goal is to proactively protect the user
> from their own possible stupidity.  Telnet is still rather viable for
> things (think terminal servers) and has many applications where security
> may not be a concern.

Mostly, as an administrator/power user, telnet is an absolute must for testing 
services.

The block-telnet with a virtual/telnet is a good idea. A simple 1 line reason 
for the block printed when portage shows the block would make things even 
better.
Yes, it's work for a dev, but if it saves a multitude of questions later isn't 
it worth the effort now?

-- 
Mike Williams

--
gentoo-dev@gentoo.org mailing list

Re: [gentoo-dev] suggestion: virtual/telnet

[Ciaran McCreesh]

[-- Attachment #1: Type: text/plain, Size: 511 bytes --]

On Sun, 28 Dec 2003 10:26:18 +0000 Mike Williams <mike@gaima.co.uk>
wrote:
| The block-telnet with a virtual/telnet is a good idea. A simple 1 line
| reason for the block printed when portage shows the block would make
| things even better.
| Yes, it's work for a dev, but if it saves a multitude of questions
| later isn't it worth the effort now?

Not really. That's some pretty heavy abuse of virtuals and ebuilds.

-- 
Ciaran McCreesh
Mail:    ciaranm at gentoo.org
Web:     http://dev.gentoo.org/~ciaranm


[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]

Re: [gentoo-dev] suggestion: virtual/telnet

[Mike Frysinger]

[-- Attachment #1: signed data --]
[-- Type: text/plain, Size: 549 bytes --]

On Sunday 28 December 2003 05:33, Ciaran McCreesh wrote:
> On Sun, 28 Dec 2003 10:26:18 +0000 Mike Williams <mike@gaima.co.uk>
>
> wrote:
> | The block-telnet with a virtual/telnet is a good idea. A simple 1 line
> | reason for the block printed when portage shows the block would make
> | things even better.
> | Yes, it's work for a dev, but if it saves a multitude of questions
> | later isn't it worth the effort now?
>
> Not really. That's some pretty heavy abuse of virtuals and ebuilds.

agreed
make a FAQ entry and call it a day i say
-mike

[-- Attachment #2: signature --]
[-- Type: application/pgp-signature, Size: 827 bytes --]

Re: [gentoo-dev] suggestion: virtual/telnet

[Jeremy Maitin-Shepard]

Mike Williams <mike@gaima.co.uk> writes:

> On Sunday 28 December 2003 03:34, Jason Wever wrote:
>> I don't believe our intention or goal is to proactively protect the user
>> from their own possible stupidity.  Telnet is still rather viable for
>> things (think terminal servers) and has many applications where security
>> may not be a concern.

> Mostly, as an administrator/power user, telnet is an absolute must for testing 
> services.

Although people often tend to use and think of telnet as being
plain-text, bare TCP, it really is a protocol, and so it would probably
be best to use the far-more-useful-for-that-purpose netcat program
(net-analyzer/netcat).

> The block-telnet with a virtual/telnet is a good idea. A simple 1 line reason 
> for the block printed when portage shows the block would make things even 
> better.
> Yes, it's work for a dev, but if it saves a multitude of questions later isn't 
> it worth the effort now?

Adding a block-telnet package to the system class seems like an
excessive amount of trouble to inconvenience users excessively.

-- 
Jeremy Maitin-Shepard

--
gentoo-dev@gentoo.org mailing list

RE: [gentoo-dev] suggestion: virtual/telnet

[Allen Parker]

I'm an asshole, sorry about the dual posts.




--
gentoo-dev@gentoo.org mailing list