Vendor comments on plan to remove telnet, ftp and eventually appl/bsd

[Russ Allbery]

Sam Hartman <hartmans at mit.edu> writes:

> OK.  I don't know whether we plan on meeting this requirement; I rather
> suspect not.  We'll try to keep command line compatibility for ftp and
> telnet, but our assumption is that no one actually wants to maintain a
> Kerberos bsd application set for us to recommend and that we'll be
> dropping that technology as soon as there is a viable alternative.

The BSD application set, particularly klogind and Kerberized rlogin, are
very useful applications because they're extremely simple.  They don't try
to do very much, and as such they have a *significantly* better security
track record than ssh does.

I'm really hesitant to replace those programs with some other set of
applications that try to do more, because that will inevitably mean that
there will be more security vulnerabilities.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>