Date: Mon, 24 Jun 2002 21:52:32 -0500
From: "Jacques A. Vidrine" <nectar@freebsd.org>
To: Robert Watson <rwatson@freebsd.org>
Cc: FreeBSD Security <security@freebsd.org>
Subject: Re: [openssh-unix-announce] Re: Upcoming OpenSSH vulnerability (fwd)
Message-ID: <20020625025232.GC43738@madman.nectar.cc>
In-Reply-To: <Pine.NEB.3.96L.1020624221349.43916G-100000@fledge.watson.org>
References: <20020624220229.A92101@cowbert.2y.net> <Pine.NEB.3.96L.1020624221349.43916G-100000@fledge.watson.org>
On Mon, Jun 24, 2002 at 10:18:19PM -0400, Robert Watson wrote:
> In order to do this and maintain PAM
> support, we'll be jumping from the base OpenSSH distribution to the
> OpenSSH-portable distribution, which includes support for PAM (as PAM is
> not used in OpenBSD).

As a side note, this just forced the issue. It is kind of a historical
mistake that OpenSSH-portable was not imported in the first place, and
there have been several discussions to make this switch in the past.
DES has been kind enough to make the switch with this upgrade (or maybe
he is just trying to save some of his sanity :-)

> It's not yet clear how we should handle OpenSSH and the various RELENG_4_X
> branches; it might depend a bit on the complexity of the merge work and
> the nature of the vulnerability once vulnerability information is
> published.

It entirely depends on these things. Due to the nature of the branch
(minimize featuritis, just security bug fixes), my feeling is that
OpenSSH will simply be patched, once we know what the problem is. One
following the RELENG_4_X branches _generally_ should not need to
reconfigure their systems, and this precludes most whole-package
updates.

> Typically for patch levels on released versions, we've adopted
> a highly conservative approach for security bug fixes, avoiding complex
> and risky changes and leaning in a more minimal direction. Obviously
> which way we go on that one will depend on the nature of the
> vulnerability.

Oops, I think I just repeated what you said.

Cheers,
-- 
Jacques A. Vidrine <n@nectar.cc> http://www.nectar.cc/
NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos
jvidrine@verio.net . nectar@FreeBSD.org . nectar@kth.se

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message