Date: Tue, 1 Jan 2002 13:06:01 -0800
From: "Crist J. Clark" <cristjc@earthlink.net>
To: Robert Watson <rwatson@FreeBSD.ORG>
Cc: John Hay <jhay@icomtek.csir.co.za>, Randy Bush <randy@psg.com>, freebsd-security@FreeBSD.ORG
Subject: Re: openssh version
Message-ID: <20020101130601.A153@gohan.cjclark.org>
In-Reply-To: <Pine.NEB.3.96L.1020101123222.14067C-100000@fledge.watson.org>; from rwatson@FreeBSD.ORG on Tue, Jan 01, 2002 at 12:36:58PM -0500
References: <200201010631.g016Va856231@zibbi.icomtek.csir.co.za> <Pine.NEB.3.96L.1020101123222.14067C-100000@fledge.watson.org>
On Tue, Jan 01, 2002 at 12:36:58PM -0500, Robert Watson wrote:
[snip]
> Eivind Eklund was looking at merging our various localizations forward
> (including PAM), and I'd really like to look at an upgrade in the post-4.5
> scenario. Getting it in before the release is (at this point) out of the
> question, however.
And this is the crux of the issue. Merging a new vendor version of
OpenSSH is non-trivial. In addition, there are frequently back
compatibility issues (e.g. with configuration files) with new versions
of OpenSSH. For each person who asks, "Why isn't FreeBSD using the
bleeding-edge OpenSSH?" there will be several on -stable, "I just did
an installworld on a remote machine, and I can't access it via SSH any
more." Creating the potential for problems like this in STABLE is
bad. For these reasons and others, it is often more practical to patch
security fixes in the FreeBSD tree than to import fixes (and other
changes that come with it) from the vendor.
--
"It's always funny until someone gets hurt. Then it's hilarious."
Crist J. Clark | cjclark@alum.mit.edu
| cjclark@jhu.edu
http://people.freebsd.org/~cjc/ | cjc@freebsd.org
