Date: Mon, 1 Jul 2002 09:30:39 -0500
From: "Jacques A. Vidrine"
To: Dag-Erling Smorgrav
Cc: "JP Villa (Datafull.com)", freebsd-security@FreeBSD.ORG
Subject: Re: Re[2]: openssh OR openssh-portable
Message-ID: <20020701143038.GM4764@madman.nectar.cc>

On Thu, Jun 27, 2002 at 11:52:49PM +0200, Dag-Erling Smorgrav wrote:
> "JP Villa (Datafull.com)" writes:
> > I think the original question was pointing to this too,
> > so I rephrase: openssh or openssh-portable? or maybe
> > openssh 3.4 properly merged on a production codebase? and
> > in that case, when?
>
> In my opinion, the latter is the best option, but it's your machine
> and your call. Jacques Vidrine has the final word in this matter, and
> I can't speak for him, but I expect 3.4 will hit -STABLE (and
> hopefully the security branches) sometime next week.

At this time, OpenSSH 3.4 will not be merged into the security
branches. They are currently not vulnerable, and major upgrades are
outside the scope of the security branches, particularly when such
upgrades are practically guaranteed to break existing installations.

Of course, OpenSSH 3.4 is always available via the Ports Collection,
and I would, in fact, recommend that users take advantage of it and
turn on PrivilegeSeparation if at all possible.

Cheers,
--
Jacques A. Vidrine http://www.nectar.cc/
NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos
jvidrine@verio.net . nectar@FreeBSD.org . nectar@kth.se