authorized_keys2 directory idea
Pekka Savola
pekkas at netcore.fi
Tue Jun 5 06:10:01 EST 2001
On Mon, 4 Jun 2001, Markus Friedl wrote:
>
> right now openssh is already a little bit too fat,
> since i did accept to many patches in the past :)
>
> so, perhaps, we should only add patches if the remove lines from
> openssh and make everything _simpler_.
>
> remember, this is a security program:
>
> "complexity is the enemy"
Too much simplicity will also hinder usability, unfortunately. Some like
programs simpler than others; many think OpenBSD takes KISS paradigm
sometimes too far -- others like it that way. The extent of features
optimally included depends on the application. I consider ssh one of
those that needs more than the average. Just my humble IMO of course.
It would be nice if it was possible to get the main ssh/sshd thinner, and
put more functionality in completely non-privileged "modules". That way
security-critical code hopefully could be minimized and cleaned, while
keeping the usability and most features in.
--
Pekka Savola "Tell me of difficulties surmounted,
Netcore Oy not those you stumble over and fall"
Systems. Networks. Security. -- Robert Jordan: A Crown of Swords
More information about the openssh-unix-dev
mailing list