From: Michael Sinatra
To: Dag-Erling Smørgrav, freebsd-current@freebsd.org, freebsd-security@freebsd.org
Subject: Re: OpenSSH HPN
Date: Tue, 10 Nov 2015 09:21:00 -0800
Message-ID: <5642277C.8010905@burnttofu.net>
In-Reply-To: <86io5a9ome.fsf@desk.des.no>
References: <86io5a9ome.fsf@desk.des.no>
List-Id: Discussions about the use of FreeBSD-current

On 11/10/15 1:42 AM, Dag-Erling Smørgrav wrote:
> Some of you may have noticed that OpenSSH in base is lagging far behind
> the upstream code.
>
> The main reason for this is the burden of maintaining the HPN patches.
> They are extensive, very intrusive, and touch parts of the OpenSSH code
> that change significantly in every release. Since they are not
> regularly updated, I have to choose between trying to resolve the
> conflicts myself (hoping I don't break anything) or waiting for them to
> catch up and then figuring out how to apply the new version.
>
> Therefore, I would like to remove the HPN patches from base and refer
> anyone who really needs them to the openssh-portable port, which has
> them as a default option. I would also like to remove the NONE cipher
> patch, which is also available in the port (off by default, just like in
> base).

My current employer is a big proponent of HPN (see http://fasterdata.es.net/data-transfer-tools/scp-and-sftp/). However, I agree that the difficulty of patching to the changing upstream is significant. Frankly, I am quite impressed that you have been able to keep up with it for this long.

I would be more than happy if the HPN patches continued to be in the port version and base were able to keep up with the upstream by removing the HPN dependency. There will be some places where we will notice the difference in performance; in those cases we will install the HPN-patched port.

michael