Damien Miller
2024-Feb-02 12:37 UTC
Adding XDG BDS paths *as fallbacks only*, not replacing ~/.ssh
On Fri, 2 Feb 2024, 90 wrote:

> Since I can't help but feel like my previous email is already being flat-out ignored, I would just like to reiterate:
>
> - I am not asking for ~/.ssh to stop being used.
> - I am happy to contribute this myself with the blessing of the devs.
>
> All I would like is to be able to move files within ~/.ssh to their appropriate XDG paths and have OpenSSH continue to find these files without me needing to explicitly configure it to do so with either command options or root access for sshd. I would think this is a perfectly reasonable alternative to ask for, especially if the requirement is to prioritise the legacy ~/.ssh path for backwards compatibility.
>
> Would this please at least be taken into consideration? Thank you.

No, sorry. This has been discussed extensively before, leading to the most uncivil discussion our bugtracker has ever seen and the only permanent user bans I've ever had to implement. Myself and the other developers have zero desire to relitigate this and no intention of implementing it.

TLDR in case you can't find the past discussion: ssh is not a desktop program and predates the XDG specifications by two decades. Adding additional configuration paths is confusing and potentially risky for .ssh as, quite unlike usual "desktop" apps, it *grants system access* and having its configuration smeared across several possible paths makes managing this more confusing and brittle.

-d

2 February 2024 at 12:37, "Damien Miller" <djm at mindrot.org> wrote:

> No, sorry. This has been discussed extensively before, leading to the
> most uncivil discussion our bugtracker has ever seen and the only
> permanent user bans I've ever had to implement. Myself and the other
> developers have zero desire to relitigate this and no intention of
> implementing it.
>
> TLDR in case you can't find the past discussion: ssh is not a desktop
> program and predates the XDG specifications by two decades. Adding
> additional configuration paths is confusing and potentially risky
> for .ssh as, quite unlike usual "desktop" apps, it *grants system
> access* and having its configuration smeared across several possible
> paths makes managing this more confusing and brittle.
>
> -d

I was afraid of this, but I understand that this is very much a sore point for the dev team and I won't try to press further with proper compliance in that case.

At the very least, I would like to ask for another alternative to be able to at least "emulate" XDG support. Some programs provide an alternative environment variable of their own which may be used to relocate the entire directory in one go to some alternative path. GNU Privacy Guard, for example, provides a $GNUPGHOME variable which may be used to relocate ~/.gnupg to some place like $XDG_DATA_HOME/gnupg.

Hence, would it be possible to provide an equivalent $SSH_HOME with which to relocate the entire directory to one XDG-compliant path if the user chooses to do so? At the very least, the files wouldn't then need to be spread out across multiple places.

Kind regards.