openssh unix dev - Feb 2024 - Adding XDG BDS paths *as fallbacks only*, not replacing ~/.ssh

On Fri, 2 Feb 2024, 90 wrote:
> Since I can't help but feel like my previous email is already being
flat-out ignored, I would just like to reiterate:
> 
> - I am not asking for ~/.ssh to stop being used.
> - I am happy to contribute this myself with the blessing of the devs.
> 
> All I would like is to be able to move files within ~/.ssh to their
appropriate XDG paths and have OpenSSH continue to find these files without me
needing to explicitly configure it to do so with either command options or root
access for sshd. I would think this is a perfectly reasonable alternative to ask
for, especially if the requirement is to prioritise the legacy ~/.ssh path for
backwards compatibility.
> 
> Would this please at least be taken into consideration? Thank you.
No, sorry. This has been discussed extensively before, leading to the
most uncivil discussion our bugtracker has ever seen and the only
permanent user bans I've ever had to implement. Myself and the other
developers have zero desire to relitigate this and no intention of
implementing it.

TLDR in case you can't find the past discssion: ssh is not a desktop
program and predates the XDG specifications by two decades. Adding
additional configuration paths is confusing and potentially risky
for .ssh as, quite unlike usual "desktop" apps, it *grants system
access* and having its configuration smeared across several possible
paths makes managing this more confusing and brittle.

-d

2 February 2024 at 12:37, "Damien Miller" <djm at mindrot.org>
wrote:
> 
> No, sorry. This has been discussed extensively before, leading to the
> 
> most uncivil discussion our bugtracker has ever seen and the only
> 
> permanent user bans I've ever had to implement. Myself and the other
> 
> developers have zero desire to relitigate this and no intention of
> 
> implementing it.
> 
> TLDR in case you can't find the past discssion: ssh is not a desktop
> 
> program and predates the XDG specifications by two decades. Adding
> 
> additional configuration paths is confusing and potentially risky
> 
> for .ssh as, quite unlike usual "desktop" apps, it *grants system
> 
> access* and having its configuration smeared across several possible
> 
> paths makes managing this more confusing and brittle.
> 
> -d
>
I was afraid of this, but I understand that this is very much a sore point for
the dev team and I won't try to press further with proper compliance in that
case.

At the very least, I would like to ask for another alternative to be able to at
least "emulate" XDG support. Some programs provide an alternative
environment variable of their own which may be used to relocate the entire
directory in one go to some alternative path. GNU Privacy Guard, for example,
provides a $GNUPGHOME variable which may be used to relocate ~/.gnupg to some
place like $XDG_DATA_HOME/gnupg. Hence, would it be possible to provide an
equivalent $SSH_HOME with which to relocate the entire directory to one
XDG-compliant path if the user chooses to do so? At the very least, the files
wouldn't then need to be spread out across multiple places.

Kind regards.