Mon Jul 16 13:54:00 GMT 2018
On 7/16/2018 5:32 AM, Corinna Vinschen wrote:
> On Jul 16 11:16, Corinna Vinschen wrote:
>> On Jul 16 11:03, Achim Gratz wrote:
>>> Takashi Yano writes:
>>>> I agree rlogin/rsh/rexec are outdated. However, most major Linux
>>>> and BSD distributions still provide them as a package.
>>>> Should not Cygwin follow these as well?
>>> Even on the UN*X side the r-tools have been deprecated for so long it
>>> doesn't really make sense to use them anymore. The only sane way to use
>>> them is in fully isolated networks and I haven't seen any of those in
>>> decades. With Cygwin running on top of Windows there is ahole other set
>>> of issues to deal with and that makes it even more inappropriate to even
>>> offer those tools. IMHO, deferring to the security lead for Cygwin.
>> We have a security lead?
> Personally I agree with Takashi, btw. Linux still provides the old r*
> tools including rsh-server. There may still be legit uses of the tools
> in controlled environments. if we remove all packages which can be used
> to shoot yourself in the foot, there's not much left, I guess.
As security in businesses tend to require ssh over rsh the only use of
rsh I've seen recently is for legacy applications that used rsh and
currently have no maintenance. Does Cygwin have any of those? I think
it would be a less than 1% chance.
> As a compromise, we could continue to provide the client package and
> just discontinue the server package, but it's your choice.
What use would there be even for the client? Even in my home mode
connecting to BlueHost or any other such service I need ssh to connect
to my server.
More information about the Cygwin-apps