Subject: Re: OpenSSH HPN
To: Dag-Erling Smørgrav, freebsd-current@freebsd.org, freebsd-security@freebsd.org
From: Willem Jan Withagen
Organization: Digiware Management b.v.
Date: Tue, 10 Nov 2015 10:58:28 +0100

On 10-11-2015 10:42, Dag-Erling Smørgrav wrote:
> Some of you may have noticed that OpenSSH in base is lagging far behind
> the upstream code.
>
> The main reason for this is the burden of maintaining the HPN patches.
> They are extensive, very intrusive, and touch parts of the OpenSSH code
> that change significantly in every release. Since they are not
> regularly updated, I have to choose between trying to resolve the
> conflicts myself (hoping I don't break anything) or waiting for them to
> catch up and then figuring out how to apply the new version.
>
> Therefore, I would like to remove the HPN patches from base and refer
> anyone who really needs them to the openssh-portable port, which has
> them as a default option. I would also like to remove the NONE cipher
> patch, which is also available in the port (off by default, just like in
> base).

Hi Des,

I know I've installed the ports once to see if, and how, I would be able to add more IP-address info to some of the warnings and errors. And then to get those errors recognised by tools like sshguard and fail2ban.

Only to find out that the code in that area in ports is completely different from what is in base. And submitting "patches" for that, even upstream, would be fairly useless.

So I understand the trouble you might have in getting other stuff in as well.

Getting the base version more in line with ports would be a real good thing.
I guess you need to manage the fallout that there is going to be from those that expect HPN to be in base, and now suffer performance issues.

--WjW