From: Stephen John Smoogen
Date: Mon, 16 Jul 2018 14:02:00 -0000
Subject: Re: [ITA] rsh-0.17-3
To: cygwin-apps@cygwin.com

On 16 July 2018 at 09:54, cyg Simple wrote:
> On 7/16/2018 5:32 AM, Corinna Vinschen wrote:
>> On Jul 16 11:16, Corinna Vinschen wrote:
>>> On Jul 16 11:03, Achim Gratz wrote:
>>>> Takashi Yano writes:
>>>>> I agree rlogin/rsh/rexec are outdated. However, most major Linux
>>>>> and BSD distributions still provide them as a package.
>>>>>
>>>>> Should not Cygwin follow these as well?
>>>>
>>>> Even on the UN*X side the r-tools have been deprecated for so long it
>>>> doesn't really make sense to use them anymore. The only sane way to use
>>>> them is in fully isolated networks and I haven't seen any of those in
>>>> decades. With Cygwin running on top of Windows there is a whole other set
>>>> of issues to deal with and that makes it even more inappropriate to even
>>>> offer those tools. IMHO, deferring to the security lead for Cygwin.
>>>
>>> We have a security lead?
>>
>> Personally I agree with Takashi, btw. Linux still provides the old r*
>> tools including rsh-server. There may still be legit uses of the tools
>> in controlled environments. If we remove all packages which can be used
>> to shoot yourself in the foot, there's not much left, I guess.
>>
>
> As security in businesses tends to require ssh over rsh the only use of
> rsh I've seen recently is for legacy applications that used rsh and
> currently have no maintenance. Does Cygwin have any of those? I think
> it would be a less than 1% chance.
>
>> As a compromise, we could continue to provide the client package and
>> just discontinue the server package, but it's your choice.
>>
>
> What use would there be even for the client? Even in my home mode
> connecting to BlueHost or any other such service I need ssh to connect
> to my server.
>

Most of the rsh usage is going to be legacy hardware and systems which
various places still have in good numbers. Various industrial and lab
components might have been built in 1995 and are slower than your iPhone
but the replacement costs tens or hundreds of millions of dollars...
(and still uses rsh for backwards compatibility). Payroll systems in
other places use rsh and rcp and cost large amounts to 'upgrade'. The
people running these don't show up on mailing lists because they may not
even know that the system uses rsh/telnet or some other obscure thing...
they just run a script on a Windows desktop that someone wrote years
ago. They only show up when stuff stops working.

> --
> cyg Simple

--
Stephen J Smoogen.