From: John Hay
Message-Id: <200201020559.g025xaX94943@zibbi.icomtek.csir.co.za>
Subject: Re: openssh version
In-Reply-To: <20020101130601.A153@gohan.cjclark.org> from "Crist J. Clark" at "Jan 1, 2002 01:06:01 pm"
To: cjclark@alum.mit.edu
Date: Wed, 2 Jan 2002 07:59:35 +0200 (SAT)
Cc: rwatson@FreeBSD.ORG (Robert Watson), jhay@icomtek.csir.co.za (John Hay), randy@psg.com (Randy Bush), freebsd-security@FreeBSD.ORG

> > Eivind Eklund was looking at merging our various localizations forward
> > (including PAM), and I'd really like to look at an upgrade in the post-4.5
> > scenario. Getting it in before the release is (at this point) out of the
> > question, however.
>
> And this is the crux of the issue. Merging a new vendor version of
> OpenSSH is non-trivial. In addition, there are frequently back
> compatibility issues (e.g. with configuration files) with new versions
> of OpenSSH. For each person who asks, "Why isn't FreeBSD using the
> bleeding-edge OpenSSH?" there will be several on -stable, "I just did
> an installworld on a remote machine, and I can't access it via SSH any
> more." Creating the potential for problems like this in STABLE is
> bad. For these reasons and others, it is often more practical to patch
> security fixes in the FreeBSD tree than to import fixes (and other
> changes that come with it) from the vendor.

Well I can accept your argument for -stable, although bigger changes have
gone in -stable in the past, but what about -current? My -current boxes
also still claim:

"sshd version OpenSSH_2.9 FreeBSD localisations 20011202"

And this is the problem, if we don't have -current upgraded we have little
chance in getting wrinkles out and very little chance of it going in -stable.

Also maybe we should think again about all our local changes and if all of
them are really necessary. If we can ditch some, that will also make it a
lot easier to upgrade.

John
--
John Hay -- John.Hay@icomtek.csir.co.za