I'm not sure that this change would be universally welcomed... why would a user want or expect that installing a DVCS tool (bzr) would "behind their back" mess with files under ~/.ssh/ (or worse, with system-wide SSH configuration!)?
Is there anything wrong with being asked accept the LP SSH keys? It works, and it is expected behaviour when accessing any new repository over an ssh-protected link, surely. It is quick and simple already. The bug submitter does not seem to me to have made a clear case for treating this one remote repository (Launchpad) as being in any way different from all others. IMO, bzr users are in general not your average Ubuntu user, they are often developers, who understand more of the system than most (there's often not much point grabbing code using bzr if you are *not* a developer). Given that intended user population, I'd suggest that prompting the user before adding SSH keys is the desired (correct) behaviour. Use cases where the current approach causes a problem would be good to have documented, I think. Bug #238869, that when using one particular Windows SSH client it doesn't even ask you to accept the new key, is clearly a bug -- but one with that client, rather than one with bzr, I think. Overall, if a set of known SSH keys is to be provided by default, I'd think the expected place for doing that would be in the openssh packages, not in bzr ? Overall, though, I think only using keys the user has confirmed they want to use is better, both from a security perspective and from the principle of least surprise. -- bzr should install launchpad ssh host keys https://bugs.launchpad.net/bugs/296110 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
