From owner-freebsd-stable  Thu Jan  3 12: 8:27 2002
Delivered-To: freebsd-stable@freebsd.org
Received: from lariat.org (lariat.org [12.23.109.2])
	by hub.freebsd.org (Postfix) with ESMTP id 64E7E37B416
	for <stable@FreeBSD.ORG>; Thu,  3 Jan 2002 12:08:23 -0800 (PST)
Received: from mustang.lariat.org (IDENT:ppp0.lariat.org@lariat.org [12.23.109.2])
	by lariat.org (8.9.3/8.9.3) with ESMTP id NAA27927;
	Thu, 3 Jan 2002 13:08:04 -0700 (MST)
Message-Id: <4.3.2.7.2.20020103130319.02a28af0@localhost>
X-Sender: brett@localhost
X-Mailer: QUALCOMM Windows Eudora Version 4.3.2
Date: Thu, 03 Jan 2002 13:07:27 -0700
To: Joe Clarke <marcus@marcuscom.com>
From: Brett Glass <brett@lariat.org>
Subject: Re: Please integrate OpenSSH 3.x
Cc: stable@FreeBSD.ORG
In-Reply-To: <1010087964.86152.14.camel@shumai.marcuscom.com>
References: <4.3.2.7.2.20020103124027.02a29860@localhost>
 <4.3.2.7.2.20020103124027.02a29860@localhost>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-stable.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-stable>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-stable>
X-Loop: FreeBSD.ORG

At 12:59 PM 1/3/2002, Joe Clarke wrote:

>While I haven't been following the -security thread, I'm not sure if
>this is necessary.  The OpenSSH in FreeBSD has received specific FreeBSD
>"localizations" to fix bugs that may have arisen.  

If so, this amounts to a fork... which runs the risk of missing
or delaying subtle changes that might have implications for
security or functionality. Why create work by forking the code
rather than having the changes integrated?

>Also, the OpenSSH
>port in /usr/ports/security/openssh-portable now supports a 
>OPENSSH_OVERWRITE_BASE make option to replace the base SSH installation.

This is assuming that one is working from the ports and not
the packages. Very often, we don't install the ports on a system
because (a) they take up much space and (b) they become obsolete
quickly.

>Just add NO_OPENSSH=true in /etc/make.conf, and you'll be set.

We rarely do a "make world" on a production machine. But we do
need them to have the latest OpenSSH from the get-go!

--Brett


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message