On Mon, Aug 8, 2016 at 3:19 AM, anarcat <anar...@debian.org> wrote: > I'd go even further and say this should be shipped as part of regular > Debian releases, ie. just push it to unstable. >
I think the argument against that was that it requires a hard-coded third-party server as a middleman, and it's explicitly stated that it'll disappear if load increases. > We still ship FTP daemons that serve files without passwords and use > cleartext by default. > They're not labeled "secure" though ;) Just to clarify, I never objected to the package itself, just that I wasn't sure about it being called "secure". I don't know enough about the algorithms and attack surfaces involved to make any kind of qualified statement though, so maybe it does qualify as secure. Cheers, Fredrik.
