Subject: Re: Policy questions
To: Jason Thorpe <>
From: Nathan J. Williams <>
List: tech-userlevel
Date: 12/29/2003 22:04:47
Jason Thorpe <> writes:

> On Dec 28, 2003, at 8:48 PM, Bruce J.A. Nourish wrote:
> >  * Have we considered removing r{sh,cmd,cp} from the base distribution?
> >    They are of dubious security and utility, and, I think, OpenBSD has
> >    already ditched them.
> There are plenty of legitimate uses for the r* commands, especially on
> private (or otherwise secure) networks.  I would strongly oppose
> removal of those commands.

I think we should keep the r* commands because people use them and I
believe in supplying rope, but I think that anyone who uses them in
the belief that some part of their network is "private" and thereby
secure is setting themselves up for a nasty surprise.

I would advocate that nobody should use the r* commands in their
thoroughly insecure (non-Kerberized) modes, but that NetBSD should
keep them until we can be sure nobody is using them anymore... which
is never.

        - Nathan