From owner-freebsd-current@freebsd.org Wed Nov 11 09:27:10 2015 Return-Path: Delivered-To: freebsd-current@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 63E49A2BD35; Wed, 11 Nov 2015 09:27:10 +0000 (UTC) (envelope-from julian@freebsd.org) Received: from vps1.elischer.org (vps1.elischer.org [204.109.63.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 3F0F41F58; Wed, 11 Nov 2015 09:27:09 +0000 (UTC) (envelope-from julian@freebsd.org) Received: from Julian-MBP3.local (50-196-156-133-static.hfc.comcastbusiness.net [50.196.156.133]) (authenticated bits=0) by vps1.elischer.org (8.15.2/8.15.2) with ESMTPSA id tAB9QsQN091726 (version=TLSv1.2 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO); Wed, 11 Nov 2015 01:26:57 -0800 (PST) (envelope-from julian@freebsd.org) Subject: Re: OpenSSH HPN To: =?UTF-8?Q?Dag-Erling_Sm=c3=b8rgrav?= , freebsd-current@freebsd.org, freebsd-security@freebsd.org References: <86io5a9ome.fsf@desk.des.no> From: Julian Elischer Message-ID: <564309D8.7020307@freebsd.org> Date: Wed, 11 Nov 2015 17:26:48 +0800 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:38.0) Gecko/20100101 Thunderbird/38.3.0 MIME-Version: 1.0 In-Reply-To: <86io5a9ome.fsf@desk.des.no> Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 11 Nov 2015 09:27:10 -0000 On 11/10/15 5:42 PM, Dag-Erling Smørgrav wrote: > Some of you may have noticed that OpenSSH in base is lagging far behind > the upstream code. > > The main reason for this is the burden of maintaining the HPN patches. > They are extensive, very intrusive, and touch parts of the OpenSSH code > that change significantly in every release. Since they are not > regularly updated, I have to choose between trying to resolve the > conflicts myself (hoping I don't break anything) or waiting for them to > catch up and then figuring out how to apply the new version. > > Therefore, I would like to remove the HPN patches from base and refer > anyone who really needs them to the openssh-portable port, which has > them as a default option. I would also like to remove the NONE cipher > patch, which is also available in the port (off by default, just like in > base). > > DES The inclusion of the HPN patches meant that we could drop a custom unsupported HPN enabled ssh from our build process. It makes ssh actually usable. Without it we need to keep integrating HPN ever time ssh is upgraded. We were SO HAPPY when it came in by default.