On Fri, Jul 05, 2024 at 09:24:18AM +0200, Simon Josefsson wrote: > First, I think we need to understand the rationale for doing anything > about 'netkit-rwho': do we want to do something because 1) it is not > maintained upstream? or 2) because it is an insecure design?, or 3) > something else?
At least 1) and 2). > [..] > So, are our reason for doing anything about netkit-rwho really because > netkit upstream is not maintained? There is no upstream. Arch uses _us_ as their upstream. The last release tarball is stamped in the year 2000. > I haven't analyzed what rwho(d) implementations are out there. I see > NetBSD/FreeBSD has one still in -current, but OpenBSD removed it during > 5.x. Are people aware of any other implementations worth considering? IMO we should follow OpenBSD's 2015 (or earlier) decision. Chris
