Bill Allombert <bill.allomb...@math.u-bordeaux1.fr> writes:
> On Tue, Jul 03, 2012 at 10:04:45AM -0700, Russ Allbery wrote:

>> Oh, right, for the client.  Yes, yes.

>> Well, personally I would not consider either the client's key or the
>> known_hosts file to be configuration files.

> In some common situation, the known_hosts is clearly a configuration
> file.  If ssh is restricted to connection to known hosts, then the user
> is supposed to prefill the known_hosts file with the small set of hosts
> that are allowed, then it became a configuration file.

That is is one possible way to use the file, but I think the common usage
of known_hosts is to do first-connect leap-of-faith, in which case it
doesn't behave like a configuration file.

I think it's perfectly acceptable to have an admin drop data into a
/var/lib directory for non-default configurations of packages.  I wouldn't
use a hand-maintained file as the default configuration, since usually
it's too much pain for insufficient security gain.

But that's all just my opinion, and the known_hosts file is pretty easy to
also symlink into /etc if Marc disagrees and feels like, for this package,
it should really be hand-maintained.

The private key of the client is trickier to turn into a configuration
file, but there I really don't think it behaves like a configuration file
anyway.

-- 
Russ Allbery (r...@debian.org)               <http://www.eyrie.org/~eagle/>



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Reply via email to