From owner-freebsd-security  Tue Jun 25  5:36:22 2002
Delivered-To: freebsd-security@freebsd.org
Received: from fledge.watson.org (fledge.watson.org [204.156.12.50])
	by hub.freebsd.org (Postfix) with ESMTP id E368037B404
	for <security@FreeBSD.ORG>; Tue, 25 Jun 2002 05:36:14 -0700 (PDT)
Received: from fledge.watson.org (fledge.pr.watson.org [192.0.2.3])
	by fledge.watson.org (8.12.3/8.12.3) with SMTP id g5PCa6w6060199;
	Tue, 25 Jun 2002 08:36:07 -0400 (EDT)
	(envelope-from robert@fledge.watson.org)
Date: Tue, 25 Jun 2002 08:36:06 -0400 (EDT)
From: Robert Watson <rwatson@FreeBSD.ORG>
X-Sender: robert@fledge.watson.org
To: "Matthew N. Dodd" <winter@jurai.net>
Cc: Darren Reed <avalon@coombs.anu.edu.au>, security@FreeBSD.ORG
Subject: Re: Time to look put more resources into FreeSSH ?
In-Reply-To: <20020625035702.F95270-100000@sasami.jurai.net>
Message-ID: <Pine.NEB.3.96L.1020625083430.43916U-100000@fledge.watson.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org


On Tue, 25 Jun 2002, Matthew N. Dodd wrote:

> On Tue, 25 Jun 2002, Darren Reed wrote:
> > I think the subject raises the question well enough.
> >
> > What do others think about creating a little "bio-diversity" and
> > moving from OpenSSH to FreeSSH at some point in the future as the
> > "default" ssh installed ?
> 
> If it moves the ssh utility out of the system so that the upgrade path
> is via ports rather than build/install world then I'm for it. 
> 
> Having OpenSSH in the source tree doesn't buy us anything over having it
> in ports and managing our local patches in the projects/ CVS hierarchy. 
> 
> I see no problem with having a set of 'default packages' installed by
> sysinstall. 

In the past, the OpenBSD OpenSSH has required hire levels of modification
to run in our environment in a manner consistent with other remote access
services.  This has been the case because of things like PAM support.  It
could be that with a move to OpenSSH-portable, there's an improved ability
to merge non-OpenBSD-relevant changes back to the vendor (in fact, I'd
imagine that would very much be the case).  This will let us re-visit the
base tree issue if we choose to once that result is clear.

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert@fledge.watson.org      Network Associates Laboratories




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message