|
|
|
|
|
|
by xoa
3472 days ago
|
|
|
I disagree with bandrami in this case, but I don't think this is quite right either because you focused on an instance-specific goal rather then universal principle: >As a programmer you have the right (or maybe even obligation?) to write secure software and I would argue software that's hard or impossible to use insecurely. There is plenty of software where secure usage is not a concern and that's fine. Rather, it would be better to say that as programmers we have the job to ensure that our software is as fit for primary expected purpose as possible, and in particularly lacks any surprising gotchas. Sometimes within a given program's core purpose there are decisions that can only be properly made as part of deployment/usage and those are appropriately left to the sysadmin/user, but if something is directly contrary to core purpose then it's always worth questioning whether it needs to change. In the case of OpenSSH in particular the core purpose is in fact secure links. We've all long had an insecure very fast virtual terminal system if we wanted it and it's called Telnet. There is no reason that any available built-in mode of OpenSSH crypto should ever be insecure. Asking to have obsolete methods generally considered to no longer be reliable to be "left up to the sysadmin" would be like asking it to have rot13 as a sysadmin option: completely contrary to the purpose and expected function of the program. Not just in security but in software in general any extra switches carry both developmental load (more code to go wrong), deployment load (more possibilities to make mistakes) and cognitive load, so they should always be considered to have inherent negative value and then asked to justify themselves, not considered to stick around forever by default. |
|
|