Date: Sun, 7 Aug 2016 08:40:14 -0600
From: Warner Losh <wlosh@bsdimp.com>
To: Andrey Chernov <ache@freebsd.org>
Cc: Slawa Olhovchenkov <slw@zxy.spb.ru>, Bruce Simpson <bms@fastmail.net>, Oliver Pinter <oliver.pinter@hardenedbsd.org>, svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org, Dag-Erling Smørgrav <des@freebsd.org>
Subject: Re: svn commit: r303716 - head/crypto/openssh
Message-ID: <4D28752C-0584-4294-9250-FA88B0C6E805@bsdimp.com>
In-Reply-To: <7237f5e6-fd65-a7e5-7751-4ed1c464b39a@freebsd.org>
References: <201608031608.u73G8Mjq055909@repo.freebsd.org> <d419bddd-fe56-bc11-8965-142ca0b94ebc@fastmail.net> <9a01870a-d99d-13a2-54bd-01d32616263c@fastmail.net> <CAPQ4fftQ30_aqU8V_ea-WEKBdMZs5H9Rwxnfa0crid_df049nQ@mail.gmail.com> <b99c06ac-82d6-ccda-419c-2ece5be4636f@fastmail.net> <30e655d1-1df7-5e2a-fccb-269e3cea4684@freebsd.org> <20160807125227.GC22212@zxy.spb.ru> <7237f5e6-fd65-a7e5-7751-4ed1c464b39a@freebsd.org>

> On Aug 7, 2016, at 7:21 AM, Andrey Chernov <ache@freebsd.org> wrote:
>>
>>> We can't turn our security
>>> team into compatibility team, by constantly restoring removed code, such
>>> code quickly becomes outdated and may add new security holes even being
>>> inactive.
>>
>> What is security hole by present this ciphers in _client_?
>
> It is obvious, but it will be better for you to ask openssh author about
> his decisions, I have no intention to act like explainer of his action.

That’s a cop-out answer. We, as a project, need to articulate to our users, whom we care about, why this rather obnoxious hit to usability was taken. The answer must be more complete than “We just disabled it because upstream disabled it for reasons we’re too lazy to explain or document how to work around.”

Warner
