> I would never ever install your distro for this reason alone.

And you are? Completely mystified as to why you'd think I would care. I built this distro for me and my people, not you. That's the whole point. We're getting off this ride.

> Someone has already pointed out that old/deprecated/obsolete software like a telnet client represent tech debt.

Not a subscriber to this religion. There is nothing about new software that inherently makes it safe, and nothing about old software that inherently makes it vulnerable.

New flaws are introduced all the time, and old bugs do get found and fixed.

I can patch old code. I can't guarantee that new code doesn't contain bugs.

The ONLY way to ensure code is flawless is through validation--mathematical proof. When you have devised a proof framework that I can use across my distro, get back to me. At this time you're nowhere near that level, and are therefore unqualified to lecture anyone about security.

> Removing the telnet client was, in part, a recognition that its complementary server was deprecated and unsafe.

Unsafe? On my personal LAN? I think not.

You don't get to just 'deprecate' things that I might need, or want to use for perfectly valid reasons.

That's the entire point of my distro: computing the way I WANT IT, not the way Ubuntu wants it.

> If everyone was transitioned to ssh and nc, [and custom MUD clients], why keep telnet around?

Because it's 172 kilobytes. Contrast with the giant bloated carcass of everything else they shove in there that's oh-so-needed by the herd.

> Any software like this represents tech debt and a support burden for the upstreams and distros which carry them. You have unnecessarily assumed a burden in this way.

I'm a distro maintainer. Hello? Telnet represents ZERO maintenance burden for me. There are no operators standing by on hotlines to "support" any of this. It's a 172 kilobyte utility.

> Furthermore, ask the maintainers of OpenBSD or any hardened OS about attack surfaces. The more software that you cram into the default distribution, the more bundled features an OS or system has, you are multiplying your potential vulnerabilities, your zero-days, and your future CVE/patch updates.

Nobody can magically teleport themselves inside my computer and compromise my telnet client. Nobody is injecting packets into my LAN.

> Especially in the face of growing supply-chain attacks and LLM-automated vulnerability disclosure. Your focus should be on limiting attack surface in every regard.

You're concerned about supply chain attacks, so your mitigation is...doubling down on getting the Latest Updates to everything? Because new code is inherently good.

Telnet has to go--way too risky to keep that around--but KDE/Gnome/systemd/etc stays?

'traceroute' is useless and dangerous, but let's keep the giant QT framework with its vendored copy of Chromium? (That's QT5 and QT6, each with a vendored Chromium, mind you.)

Chromium, by the way, itself represents tens of gigabytes of code/data now inside its repository, with 'third party' directories vendored three or even four levels deep. But a 72k traceroute utility is likely to be packed with security flaws and should be avoided.

> It is good practice for everyone to uninstall unnecessary apps and software. Whether you use Android, iOS, Mac, Linux, BeOS or Plan9 or Inferno. Do not install and maintain software that you do not use or need. It will come back to bite you.

Completely wrong and misleading theory of security you are proposing here.

I devised this new distro exactly because I was tired of my computing experience being shaped and controlled by clueless kids with intellectually bankrupt arguments and/or wolves in sheeps' clothing.