https://bugzilla.mindrot.org/show_bug.cgi?id=2050
--- Comment #17 from Dmitry V. Levin <[email protected]> --- (In reply to Drew DeVault from comment #16) > (In reply to Dmitry V. Levin from comment #15) > > Adding support for an extra place where to look for security > > sensitive information would introduce a major security risk, > > therefore openssh should not change its default behavior in this > > respect. If it ever changed, we downstream maintainers would > > certainly patch it out. > > And how exactly does it pose a major security risk? The risk is that sensitive data would be accessed from a less secure location than ~/.ssh/. I saw setups where ~/ and ~/.ssh/ directories were out of user control, these setups would break. You're talking about defaults, they shouldn't change this way. -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug. _______________________________________________ openssh-bugs mailing list [email protected] https://lists.mindrot.org/mailman/listinfo/openssh-bugs
