[arch-dev-public] [signoff] openssh-5.7p1-1

Guillaume ALAUX guillaume at alaux.net
Wed Jan 26 05:29:56 EST 2011

On Wed, 2011-01-26 at 11:24 +0100, Gaetan Bisson wrote:
> [2011-01-26 11:14:30 +0100] Tobias Powalowski:
> > So I would say, enable at least PAM again in default config.
> I do not understand why.
> I am a bit more confident in the ability of openssh upstream devs to
> configure their software as I am in Gentoo/Fedora's.
> PAM is only required for "advanced" kinds of authentication, so it seems
> quite logical to me that users would have to enable it themselves.

I think we are dealing with 2 issues here:
  - do we ship the default upstream config file?
  - if answer to previous is No then which option do we set as default?

We reverted back to the upstream conf to follow the Arch idea. We
implicitly say "Power user, do your job when installing a SSH server". I
understand your concern about minimum security but user should know how
to configure an openSSH server if they need one. And if they don't maybe
let's add an secure example in the wiki.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 230 bytes
Desc: This is a digitally signed message part
URL: <http://mailman.archlinux.org/pipermail/arch-dev-public/attachments/20110126/4b36df79/attachment.asc>

More information about the arch-dev-public mailing list