authorized_keys2 directory idea

Theo de Raadt deraadt at
Mon Jun 4 18:28:57 EST 2001

> I agree.  However, taking such a stand brings with it a risk of
> psuedo-forking.  You say you won't take this patch because the feature is
> unnecesary bloat.  The patch writer says okay, and just rolls it in
> himself on all his boxes.  He also posts it on his website, and all the
> other people who liked the idea download it and roll it into their local
> installations.

By all means.  It's free software.  Go make a version that is
incompatible with all the various SSH books.  Hang yourself.

Fact is, Silverman's book clearly describes how OpenSSH works now.
You want us to change it.  Get real.  This isn't even a smart
conversation, a smart idea, it's just stupid and wasting time.

> Now bug reports start coming in, and incompatibilities start creeping in,
> and if neither the bug reporter nor the developers realize that the
> version in question has such an "un-authorized" patch, confusion will
> result.

Yes, and Markus will simply ignore those people.

> How many patches are already in this state?  SecurID?  SRP?  Some sftp
> chroot thing?  Others?  Again, I don't disagree with your statement, but
> the resultant risk should also be considered.

What you have stated is precisely what we are trying to avoid.  That
is why you will not get me supporting all these "buttons".

I think we should not distribute them.  If someone finds one, and uses
it, they are on their own.  If they report a problem and are using
some tweak, I think Markus and us other main OpenSSH developers should
ignore those requests, and instead forward them to people like you.
Then you will get a taste of how retarded variations like that are.

More information about the openssh-unix-dev mailing list