[ntp:questions] Autokey users - please read

Ryan Malayter malayter at gmail.com
Fri Sep 11 13:37:54 UTC 2009


I don't use autokey in production, but I would also suggest that if
the issue causes the reference implementation to violate RFCs and also
creates a security issue with key shortening, it should be fixed
without any options to go back to the bad behavior. Actually, the
security issue might in fact be major, if the a zero is randomly
generated in the first few bytes of the key, correct?

Please don't take the Microsoft route, where praying to the altar of
backwards compatibility means you are stuck with ugly hacks for
decades. That might make sense for MSFT and its customers, but I don't
think it makes sense here. The experts in this forum routinely advise
questioners "that's too old, upgrade to a newer release"; this
situation should prove no different.

-- 
RPM



More information about the questions mailing list