From owner-freebsd-security  Mon Jan 22 09:06:04 1996
Return-Path: owner-security
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.3/8.7.3) id JAA27306
          for security-outgoing; Mon, 22 Jan 1996 09:06:04 -0800 (PST)
Received: from skiddaw.elsevier.co.uk (skiddaw.elsevier.co.uk [193.131.222.60])
          by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id JAA27291
          for <security@FreeBSD.org>; Mon, 22 Jan 1996 09:06:01 -0800 (PST)
Received: from snowdon.elsevier.co.uk (snowdon.elsevier.co.uk [193.131.197.164]) by skiddaw.elsevier.co.uk (8.6.12/8.6.12) with ESMTP id RAA21403 for <security@FreeBSD.org>; Mon, 22 Jan 1996 17:04:05 GMT
Received: from cadair.elsevier.co.uk (actually host cadair) by snowdon 
          with SMTP (PP); Mon, 22 Jan 1996 17:04:18 +0000
Received: (from dpr@localhost) by cadair.elsevier.co.uk (8.6.12/8.6.12) 
          id RAA09129 for security@FreeBSD.org; Mon, 22 Jan 1996 17:04:16 GMT
From: Paul Richards <p.richards@elsevier.co.uk>
Message-Id: <199601221704.RAA09129@cadair.elsevier.co.uk>
Subject: Re: ssh /etc config files location..
To: security@FreeBSD.org
Date: Mon, 22 Jan 1996 17:04:16 +0000 (GMT)
In-Reply-To: <199601221615.JAA21985@rocky.sri.MT.net> from "Nate Williams" at Jan 22, 96 09:15:10 am
X-Mailer: ELM [version 2.4 PL24]
Content-Type: text
Sender: owner-security@FreeBSD.org
Precedence: bulk

In reply to Nate Williams who said
> 
> > I don't see the point to move security-related configs to /etc
> > and _not_ to move security binaries from /usr/local.
> 
> Because not everyone has worries about NFS security.

I don't think the security issue is the main one anyway. Like you said,
you either trust NFS or you simply don't use it and moving ssh files
off /usr/local because it might use NFS from a security point of
view is rather bogus.

The fact that the ssh files are *host specific* is a far more important
consideration. They should therefore be in a *genuinely* local part
of the filesystem.

> > I disagree with proposed solution (moving configs only to /etc).
> 
> I agree.

I disagree with /etc. These are not configuration files, they are
runtime modifiable files and should go in /var.

-- 
  Paul Richards. Originative Solutions Ltd.
  Internet: paul@netcraft.co.uk, http://www.netcraft.co.uk
  Phone: 0370 462071 (Mobile), +44 1225 447500 (work)