Bill Allombert <bill.allomb...@math.u-bordeaux1.fr> writes:

> On Tue, Jul 03, 2012 at 10:04:45AM -0700, Russ Allbery wrote:
>> Oh, right, for the client. Yes, yes.
>> Well, personally I would not consider either the client's key or the
>> known_hosts file to be configuration files.

> In some common situation, the known_hosts is clearly a configuration
> file. If ssh is restricted to connection to known hosts, then the user
> is supposed to prefill the known_hosts file with the small set of hosts
> that are allowed, then it became a configuration file.

That is one possible way to use the file, but I think the common usage of known_hosts is to do first-connect leap-of-faith, in which case it doesn't behave like a configuration file.

I think it's perfectly acceptable to have an admin drop data into a /var/lib directory for non-default configurations of packages. I wouldn't use a hand-maintained file as the default configuration, since usually it's too much pain for insufficient security gain.

But that's all just my opinion, and the known_hosts file is pretty easy to also symlink into /etc if Marc disagrees and feels like, for this package, it should really be hand-maintained.

The private key of the client is trickier to turn into a configuration file, but there I really don't think it behaves like a configuration file anyway.

-- 
Russ Allbery (r...@debian.org) <http://www.eyrie.org/~eagle/>