Subject: Re: CVS_RSH to ssh
To: None <>
From: gabriel rosenkoetter <>
List: tech-userlevel
Date: 06/18/2003 11:38:47
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Wed, Jun 18, 2003 at 12:05:54AM -0400, Niels Provos wrote:
> Seems like a great idea to me.  Nobody should be using rsh any longer
> anyway, even on private networks.

I don't understand that sentiment at all. Using ssh buys me both
transfer time penalties AND processor penalties. And if I'm
transferring large (like, say, 500 GB) files, then those penalties
(especially the processor one) are HUGE. If I'd rather be using
those three processors in my Sun E450 for something else (like, say,
managing the Oracle DB for the client who paid for the damn thing),
then that's a tremendous loss.

On Wed, Jun 18, 2003 at 12:29:39AM -0400, Niels Provos wrote:
> I completely agree with you.  Use AFS or NFSv4 with GSS-API.

I am a sysadmin for a datawarehousing/marketing database company
where we do transfers of data in the TB quantities over private
gigabit Ethernet as a daily occurence. It's way too damn slow with
NFSv3 over UDP (especially since Solaris using Sun's no-jumbo-frame
ge driver is involved, but that's not the only reason), there isn't
a CHANCE I'd be interested in using GSS-API for this.

As for AFS... has OpenAFS gotten around to supporting > 2 GB files
yet? Is it less of a nightmare than living in a Giger painting
would be to install these days?

(I'm legitimately curious about those things, but one should
probably reply privately, since it's wildly off-topic here.)

> And as such there is no reason to expose innocent users to potential
> security problems by default.  If people want to shoot themselves
> into their feet, they might as well export CVS_RSH=3Drsh and not
> the other way around.

But why can't we just set CVS_RSH=3Dssh in the default environment,
rather than altering imported sources?

Or, if we really want the sources changed, why can't we just get the
CVS development team to change them at the source, since it's so
obviously the right thing to do?

On Wed, Jun 18, 2003 at 10:04:53AM -0400, Niels Provos wrote:
> On Wed, Jun 18, 2003 at 03:49:47PM +0900, wrote:
> > >Thus spake Greg A. Woods ("GAW> ") sometime Tomorrow...
> > >GAW> (Though I wasn't exaggerating about using NFS < v4...
> > >There's a v4 spec?
> > 	RFC3530
> FYI:

That's wonderful and I look forward to it (for home, where I do want
all of the things it offers, not for work, which I described above)
but can you see how suggesting use of NFSv4 on a NetBSD mailing
list is a bit of a no-op right now?

gabriel rosenkoetter

Content-Type: application/pgp-signature
Content-Disposition: inline

Version: GnuPG v1.2.2 (NetBSD)