[PATCH] Updated *sh://host... patch

Matt Mackall mpm at selenic.com
Tue May 20 19:10:28 CDT 2008


On Tue, 2008-05-20 at 22:56 +0200, peter.kourzanov at xs4all.nl wrote:
> Matt,
> 
>   There is krb5-rsh, which is as secure as Kerberos is.

In theory. In practice, it's quite likely that the rsh upon which
krb5-rsh is built has numerous security holes that no one's bothered
looking for because sensible people all did s/rsh/ssh/ a decade ago.

>  Heck,
> there is even ssh-krb5 support...
> 
>   So, why do you say rsh is not supported? It works for me...

It's not supported in the sense that if someone says "hey, I used rsh to
push and someone broke into my system", and I say "why the hell did you
think that was a good idea?" they don't get to say "I'm an idiot and it
was in the manpage". Because rsh is NOT going to be in the manpage. And
if it's not in the manpage, there's no point of having any special
support for it in the code beyond the generic --ssh functionality.

I can see that using krb5-rsh and ssh targets with the same repo is
going to be slightly annoying, but if you must use Kerberos, you should
be using it with ssh anyway. At which point it becomes entirely an ssh
config issue and hg is out of the picture.

-- 
Mathematics is the supreme nostalgia of our time.



More information about the Mercurial-devel mailing list