Thorsten Kukuk
2021-Feb-03 14:59 UTC
[PATCH] introduce vendordir for easier config file update
On Wed, Feb 03, Philipp Marek wrote:> >> So if there is no admin provided configuration file, the vendor file > >> from > >> /usr/share/ssh is used. If there is an admin provided configuration > >> file > >> in /etc/ssh, this one will be used by default. > > does nobody have an opinion about this? > > Well, with your solution: if the vendor file gets some new security > settings, > the admin file won't get them, and so the total security might go down. > (Example: "Protocol 2")If the admin creates an own copy, he has to maintain it like he has today. If the admin makes changes today, he also don't get the new security settings. So in worst case, the situation is as of today, you are right. But not in general. Thorsten -- Thorsten Kukuk, Distinguished Engineer, Senior Architect SLES & MicroOS SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, 90409 Nuernberg, Germany Managing Director: Felix Imendoerffer (HRB 36809, AG N?rnberg)