From owner-freebsd-security@freebsd.org Fri Nov 13 02:28:55 2015 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id A2E90A2DE0C; Fri, 13 Nov 2015 02:28:55 +0000 (UTC) (envelope-from kaduk@mit.edu) Received: from dmz-mailsec-scanner-6.mit.edu (dmz-mailsec-scanner-6.mit.edu [18.7.68.35]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 145661183; Fri, 13 Nov 2015 02:28:54 +0000 (UTC) (envelope-from kaduk@mit.edu) X-AuditID: 12074423-f797f6d0000023d0-46-56454adf996b Received: from mailhub-auth-3.mit.edu ( [18.9.21.43]) (using TLS with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by dmz-mailsec-scanner-6.mit.edu (Symantec Messaging Gateway) with SMTP id 1F.65.09168.FDA45465; Thu, 12 Nov 2015 21:28:47 -0500 (EST) Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) by mailhub-auth-3.mit.edu (8.13.8/8.9.2) with ESMTP id tAD2Sk31030902; Thu, 12 Nov 2015 21:28:46 -0500 Received: from multics.mit.edu (system-low-sipb.mit.edu [18.187.2.37]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id tAD2ShUX027633 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Thu, 12 Nov 2015 21:28:46 -0500 Received: (from kaduk@localhost) by multics.mit.edu (8.12.9.20060308) id tAD2Sgug024123; Thu, 12 Nov 2015 21:28:42 -0500 (EST) Date: Thu, 12 Nov 2015 21:28:41 -0500 (EST) From: Benjamin Kaduk To: Dewayne Geraghty cc: freebsd-security@freebsd.org, freebsd-current@freebsd.org Subject: Re: OpenSSH HPN In-Reply-To: Message-ID: References: <86io5a9ome.fsf@desk.des.no> <56428E8A.3090201@FreeBSD.org> <56428F59.5010908@FreeBSD.org> <86y4e47uty.fsf@desk.des.no> <56436F4B.8050002@FreeBSD.org> <86r3jwfpiq.fsf@desk.des.no> <20151111181339.GE48728@zxy.spb.ru> <86io58flhk.fsf@desk.des.no> <20151111184448.GR31314@zxy.spb.ru> User-Agent: Alpine 1.10 (GSO 962 2008-03-14) MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFvrAIsWRmVeSWpSXmKPExsUixCmqrXvfyzXM4OM0GYub+yexW8x584HJ omfTEzYHZo8Zn+azeOycdZc9gCmKyyYlNSezLLVI3y6BK2P7r9iCqzwVs3rTGxhncnUxcnBI CJhI/Lgg3MXICWSKSVy4t56ti5GLQ0hgMZPEhKsfGEESQgIbGSWenM6CSBxikjh6+jBUVQOj xNxXW8CqWAS0JZ5dvs4EYrMJqEjMfLORDcQWETCQuH3hJJjNLGArsXDzKjBbWEBC4tmfTawg NqdAoMSV1zeYQWxeAUeJzT9/MUEseM0k8WvBEbCEqICOxOr9U1ggigQlTs58wgIxVEti+fRt LBMYBWchSc1CklrAyLSKUTYlt0o3NzEzpzg1Wbc4OTEvL7VI10wvN7NELzWldBMjKGDZXZR3 MP45qHSIUYCDUYmHd8cLlzAh1sSy4srcQ4ySHExKorxfPVzDhPiS8lMqMxKLM+KLSnNSiw8x SnAwK4nwLn4GVM6bklhZlVqUD5OS5mBREufd9IMvREggPbEkNTs1tSC1CCYrw8GhJMHrD4xM IcGi1PTUirTMnBKENBMHJ8hwHqDhUzyBaniLCxJzizPTIfKnGBWlxHmngyQEQBIZpXlwveCE sptJ9RWjONArwrw7QKp4gMkIrvsV0GAmoMFfJJxABpckIqSkGhin/Yv7ej/+7+NZ/6YdFD70 0EOUcb3lxktlV+x1e4XjSt+K5vt7ck71EdIUEXd4//oER/i2d861oh/2Ok6S82ZYHf7kd2bb k+6y749u6rN8tBZr+j6VJZKjZqH+o5MZ8X1pKhsfeLyd/cjQ2mnusvx/3flZ394kXP+ss3dq 4Grb2yu/HPrRvWeWEktxRqKhFnNRcSIAyXEvZQMDAAA= X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 13 Nov 2015 02:28:55 -0000 On Thu, 12 Nov 2015, Dewayne Geraghty wrote: > Heimdal is (and has been for some time) undergoing constant development. > For reasons unknown, they do not perform releases. I am aware of updates > from heimdal that are being applied to the samba project (in fact some of > the samba developers are also feeding into heimdal). The latest discussion > was that the heimdal project are going to release a 1.7 "sometime", > skipping 1.6 completely. Things seem to have slowed down a lot since the lead Heimdal developer got hired for Apple. They have Apple-internal changes that don't necessarily make their way back to the public project right away, and he is quite busy. There is no one who is employed to be a Heimdal release manager, and the main developers all have other projects -- putting out a release takes a fair bit of energy. MIT employs developers whose job descriptions include being the krb5 release manager, so there is financial support for putting out regular releases. Heimdal has changed plans to a 1.7 release because certain Linux distributions packaged a snapshot of the 1.6 tree (to support Samba, as I understand it), but then Heimdal development continued so that what would be in the next release would not really reflect what was already deployed using the 1.6 label. As I understand it, there are still a couple bugfixes/features that are considered to be blockers for the 1.7 release that have not been implemented yet, and since the developers in question are being paid to work on other things, there is no real timeline for the release. -Ben Kaduk