Hi. Most tools from netkit are candidates for migration to GNU InetUtils, and rwho(d) may be another one -- see email and bug report below. Cc'ing debian-devel to have broader discussion.
First, I think we need to understand the rationale for doing anything about 'netkit-rwho': do we want to do something because 1) it is not maintained upstream? or 2) because it is an insecure design?, or 3) something else? I believe that like telnet and ftp the second argument is not convincing enough: sometimes you need these implementations for various strange things, and it is poor style to dictate what people must do with their software. The position I've taken in GNU InetUtils is that it is better for users to offer maintained tools and include a notice that they are insecure, rather to offer un-maintained tools and refuse to work further on them because they are insecure, putting users into a worse situation than before. Some people may disagree, and instead believe it is better to actively kill old things rather than continue support them. This is a subjective decision, and if people are willing to do the work to keep things alive, I think it is better to let them than to refuse this contribution. So, are our reason for doing anything about netkit-rwho really because netkit upstream is not maintained? If so, then one option is to add a rwho(d) implementation to GNU InetUtils and let that replace the netkit implementation in Debian. Historically, netkit tools have often had unclear or weird license situation, so my preference is to import rwho(d) from some of the BSD and to make that build for a wide variety of architectures and platforms like we do with other tools in GNU InetUtils. The BSD implementations are usually not intended to be portable, and often have some minor flaw that makes them troublesome to build on Debian -- we fix those issues in GNU InetUtils. That said, introducing yet another fork into the ecosystem shouldn't be done lightly, so we should explore some way to pool resources (like I've tried to establish with tnftp(d) maintainers when we have joint bugs). I haven't analyzed what rwho(d) implementations are out there. I see NetBSD/FreeBSD has one still in -current, but OpenBSD removed it during 5.x. Are people aware of any other implementations worth considering? What do you think? /Simon Gürkan Myczko <gur...@phys.ethz.ch> writes: > rwho(d) is a design from a different time, when networks were > trusted, and so on. It seems to me, we should and could stop > shipping it for trixie. > > I'm raising this bug now, to: > 1) establish awareness > > I was long aware of this, as I was using rwhod/ruptime when networks > were not split into thousand networks... > > 2) auto-rm it from trixie > > I'd rather have a migration path, not binary compatible, but > functionality compatible > > 3) give people time to chime in / secure replacements to show up > > Please have a look at https://github.com/alexmyczko/rutpime (there's > an ITP for it, and it has > been in new queue several times: > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1013361 > > After a while I intend to clone this bug to ftp.debian.org for > removal from unstable. > > Please do not remove it if possible. I really wish to have a migration > path for this, but well > we're waiting for ftp team. > > Best, > Alex > > Chris > >
signature.asc
Description: PGP signature
