Date: Mon, 22 Jan 1996 17:14:24 +0800 (WST)
From: Peter Wemm
To: ports@freebsd.org
Subject: ssh /etc config files location..

Hi all...

I am still somewhat disturbed with the location of some rather critical "per site" info from ssh in /usr/local/etc.. Specifically the ssh host secret keys, and the per-site config files.

This is (IMHO) rather dangerous. If you NFS mount /usr/local, this will screw you rather badly.

There are precedents against this too.. gated keeps its config files in /etc.

In my email exchanges with the SSH authors, they expressed surprise and then concern about FreeBSD doing this.. (I offered the make-known-hosts patch back to them).

The make-known-hosts.pl patch is wrong, because it needs to get the /etc/ssh_host_key.pub from all hosts, not just FreeBSD ones. The original version works because /etc is architecture independent, and the one thing that all Unix hosts have in common.

Things like the mailcap file are fine to be there in /usr/local/etc, IMHO. "Vital" per-host security-sensitive stuff should not be.

I'd like to undo the patches that do this... Does anybody want to try and convince me otherwise? :-)

Cheers,
-Peter

PS: IMHO, it was a mistake adding the BUILD_DEPENDS in wish and perl5. It builds fine without them. It seems silly to require X11 to be installed in order to build the port..
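
The NFS concern raised in the message can be checked mechanically. The script below is an added example, not part of the original message or of the ssh port: it reports whether /etc and /usr/local/etc sit on a network filesystem. The mount table, device names and the host name "fileserver" are constructed sample data, and the fstab-style field order (device, mount point, type) is an assumption about the input.

```shell
#!/bin/sh
# Constructed sample mount table (fstab-style: device, mount point, type, ...).
SAMPLE_MOUNTS='/dev/sd0a / ufs rw 1 1
/dev/sd0s1e /usr ufs rw 2 2
fileserver:/export/local /usr/local nfs rw 0 0'

# Print the filesystem type holding path $1, using the mount table text in $2.
# The longest mount point that is a path prefix of $1 wins.
fs_type_for_path() {
    printf '%s\n' "$2" | awk -v p="$1" '
        $1 ~ /^#/ || NF < 3 { next }
        {
            mp = $2
            # "/" matches everything; otherwise require an exact match or a
            # match followed by "/" so that /usr does not match /usrdata.
            if (mp == "/" || p == mp || index(p, mp "/") == 1) {
                if (length(mp) > best) { best = length(mp); type = $3 }
            }
        }
        END { if (type != "") print type }'
}

# Return 0 (true) when the path lives on a network filesystem.
on_network_fs() {
    case "$(fs_type_for_path "$1" "$2")" in
        nfs|nfs4) return 0 ;;
        *) return 1 ;;
    esac
}

# Report both candidate config directories from the message.
check_key_dirs() {
    for dir in /etc /usr/local/etc; do
        if on_network_fs "$dir" "$1"; then
            echo "WARN  $dir is on a network filesystem: keep host secret keys elsewhere"
        else
            echo "ok    $dir is on a local filesystem"
        fi
    done
}

check_key_dirs "$SAMPLE_MOUNTS"
```

To run it against a live system, pass the real mount table text (for example the contents of /etc/fstab) instead of the sample.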