On Saturday, 23 February 2019 at 15:26:25 CET, Salvatore Bonaccorso wrote:
> On Sun, Jan 13, 2019 at 06:24:36PM +0100, Magnus Holmgren wrote:
> > On Sunday, 13 January 2019 at 08:31:28 CET, Salvatore Bonaccorso wrote:
> > > On Fri, Dec 28, 2018 at 10:22:53AM +0100, Moritz Mühlenhoff wrote:
> > > > On Wed, Dec 26, 2018 at 05:20:40PM +0100, Magnus Holmgren wrote:
> > > > > I'm wondering if anyone would complain if I'd disable RSH (SSH)
> > > > > connections altogether.
> > > >
> > > > Full ack, that seems like the most sensible fix.
> > >
> > > Any news on this approach, or did you spot any problem with that way?
> >
> > Here's my plan. Removing the RSHPATH define should disable the insecure
> > code, I reckon. I just haven't been able to make gbp use my long PGP key
> > id...
>
> Any news on this?

I thought I'd write a NEWS.Debian entry about disabling RSH, but then I realised it wouldn't be disabled completely, only by default; code using the library can still set rshpath by calling tcp_parameters(SET_RSHPATH, path). But maybe that's just fine. I also haven't got around to actually verifying that the patch works as intended.

Perhaps wanting to run imapd via remote shell is so rare that there's no need to write a NEWS.Debian entry?

-- 
Magnus Holmgren        holmg...@debian.org
Debian Developer