> I'm aware of that. My critique was specific to the "we take it out
> because it's dangerous to the user" part.
That's often an explanation but not the main motivation.
For the `none` cipher, I think it was, tho.
IIRC the problem was that using the `none` cipher causes the
authentication to be exposed in a way that is worse than using Telnet:
with Telnet you only expose the data you send to the wire, whereas with
SSH's `none` cipher you ended up exposing the data plus your
(valued) credentials.
> I'm torn on this one... Sometimes I've the impression that this leads to
> asocial software (i.e. nobody goes to any effort to make their software
> compatible to reasonable ranges of library (and other dependencies's)
> versions).
> Akin to the Flatpaks and Snaps of this world, perhaps with a less horrible
> dependencies management story).
Indeed, it has its downsides.
Stefan
