cvs commit: src/release Makefile src/release/scripts
crypto-install.sh
Alexey Dokuchaev
danfe at nsu.ru
Sun May 4 22:32:10 PDT 2003
On Wed, Apr 30, 2003 at 01:00:09PM -0700, Kris Kennaway wrote:
> On Wed, Apr 30, 2003 at 08:52:44PM +0100, Mark Murray wrote:
> > Kris Kennaway writes:
> > > > It will be a box on-the side.
> > >
> > > I don't understand this sentence.
> >
> > Sorry. :-).
> >
> > It is just extra commands to type. Nothing invasive.
> >
> > > > Simplifies installations, and if folks
> > > > dont want to use the applets, they won't have to.
> > >
> > > But they are still there, and having a bunch of kerberos stuff
> > > installed by default (as crypto is) is an additional security hazard
> > > to the system.
> >
> > How is having the kerberos tools hazardous?
>
> For example, there's been at least one security vulnerability in k5su
> over the past year (two if you count the different security policy
> behaviour).
>
> The bottom line here is that most people will never use kerberos, so
> installing it by default is an unnecessary security risk, and
> contributes to bloat. I don't understand why this change needed to be
> made; everything seemed to work fine having k5 in a separate
> distribution (the makefile logic was all correct, etc).
Seconded here; I'd rather have things going along the old way.
./danfe
More information about the cvs-src
mailing list