On Sat, Jul 16, 2022 at 10:19 PM Guillem Jover <guil...@debian.org> wrote:

> Hi!
>
> There's been talk about switching away from netkit-telnet and
> netkit-telnetd as the default implementations for some time now,
> and replacing them with the ones from inetutils, which is a maintained
> project and does see releases (even though with a long cadence).
>
> This has been discussed somehow in #982253 and #987729.
>
> These packages currently use a pair of virtual packages to denote
> that they are a telnet or telnetd implementation (telnet-client and
> telnet-server). One problem is that currently the netkit implementations
> use the generic telnet and telnetd package names, which is a clear way
> to mark them as the default implementations (instead of say the other
> convention of naming or providing a default-foo package). Another is
> that several packages depend on these generic names instead of the
> virtual packages, see below for a list that would deserve a non-blocking
> "mass" bug filing, which I can handle as part of the switch.
>
> The inetutils-telnet recently got support for the missing «-b» option
> for compatibility with netkit-telnet.
>
> The inetutils-telnetd and netkit-telnetd have diverging options and some
> conflicting ones, but after pondering about it I don't think this should
> be a major issue, as the daemon does not tend to get called by users from
> scripts and similar. For completeness the divergences are these:
>
>    inetutils-telnetd               netkit-telnetd
>    -----------------               --------------
>    short and long options          short options
>    <missing>                       -D (unimplemented «exercise» mode)
>    -D (debug modes «auth», «encr») -edebug
>    -S, --server-principal          -S (used to set the IP TOS)
>    -E, --exec-login                -L
>    -l, --linemode                  <missing>
>    -U, --reverse-lookup            -N (related but not exactly the same)
>
>
> Simon Josefsson (CCed), who is one of the inetutils upstream maintainers,
> recently adopted the netkit-telnet source package in Debian, which he'd
> prefer to keep around for a smoother transition period, in case users
> want or need to revert back.
>
>
>
> So, the idea would be for src:inetutils to take over the telnet and
> telnetd binary packages and make them transitional packages depending
> on the inetutils variants, for a smooth upgrade, and in addition also
> start providing them by the inetutils-<name> packages.
>
> The src:netkit-telnet would then switch to ship netkit-telnet and
> netkit-telnetd binary packages (this would ideally be uploaded to
> experimental first, so that once ACCEPTED it can be uploaded to sid
> once we start the switch, with no missing implementation in between).
>
> I'm inclined to do it in this order to potentially avoid two trips over
> NEW, and to reduce any potential disruption period.
>
> In the future (after the next stable release) the telnet/telnetd
> packages could be switched to be pure virtual packages, taking the role
> of denoting the current default implementation, instead of introducing
> default-<foo> variants, as that's what users are currently used to, and
> it would keep working even if the depending packages below do not update
> their dependencies.
>
> We'd file an override request against ftp.debian.org to get the
> inetutils-telnet Priority bumped to standard to match the current
> telnet package (which could get then its Priority lowered to optional).
>
> Currently inetutils and netkit have the same alternative priority
> for telnet, I'd probably bump it also to 150 for inetutils to take
> precedence.
>
>
> If there are no objections, we could probably start working on this
> switch in a couple of weeks or so.
>
>
>
> List of packages depending on telnet (but not telnet-client):
>
>   forensics-extra (Depends)
>   lava (Depends)
>   live-task-standard (Depends)
>   mininet (Depends)
>   vland (Depends)
>   zssh (Depends)
>
>   dish (Recommends against all current implementations)
>   lava-dev (Recommends)
>   lava-dispatcher (Recommends)
>   live-task-extra (Recommends)
>   pdudaemon (Recommends)
>
>   libtelnet-dev (Suggests)
>   libtelnet-utils (Suggests)
>   procserv (Suggests)
>   ser2net (Suggests)
>   tucnak (Suggests)
>
> List of packages depending on telnetd (but not telnet-server):
>
>   telnetd-ssl (Conflicts)
>   nyancat-server (Conflicts)
>
>
> Thanks,
> Guillem
>
> Telnet is old, insecure and should not be used any more. What is the point
of packaging a Telnet daemon when everyone should be using SSH. Telnet
Client I can see because a person may need to connect to a router or switch
that is still using telnet or hasn't had SSH Certificates generated yet.

-- 
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org/
⠈⠳⣄⠀⠀

Reply via email to