From owner-freebsd-security@FreeBSD.ORG  Mon Oct  6 09:19:10 2003
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 64ED516A4BF
	for <freebsd-security@freebsd.org>;
	Mon,  6 Oct 2003 09:19:10 -0700 (PDT)
Received: from corb.mc.mpls.visi.com (corb.mc.mpls.visi.com [208.42.156.1])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 8F97043FF2
	for <freebsd-security@freebsd.org>;
	Mon,  6 Oct 2003 09:19:08 -0700 (PDT)
	(envelope-from hawkeyd@visi.com)
Received: from sheol.localdomain (hawkeyd-fw.dsl.visi.com [208.42.101.193])
	by corb.mc.mpls.visi.com (Postfix) with ESMTP id E48C38890
	for <freebsd-security@freebsd.org>;
	Mon,  6 Oct 2003 11:19:07 -0500 (CDT)
Received: (from hawkeyd@localhost)
	by sheol.localdomain (8.11.6p2/8.11.6) id h96GJ6P05675
	for freebsd-security@freebsd.org; Mon, 6 Oct 2003 11:19:06 -0500 (CDT)
	(envelope-from hawkeyd)
X-Spam-Policy: http://www.visi.com/~hawkeyd/index.html#mail
Date: Mon, 6 Oct 2003 11:19:06 -0500
From: D J Hawkey Jr <hawkeyd@visi.com>
To: security at FreeBSD <freebsd-security@freebsd.org>
Message-ID: <20031006161906.GA5599@sheol.localdomain>
References: <200310032249.h93MnXS8047857@freefall.freebsd.org>
	<20031005142519.GA76750@sheol.localdomain>
	<20031005163252.GC399@cowbert.2y.net>
	<20031005171245.GA82807@sheol.localdomain>
	<20031006120442.GA77299@madman.celabo.org>
	<20031006135332.GA3551@sheol.localdomain>
	<20031006141001.GB46753@madman.celabo.org>
	<20031006145835.GA4742@sheol.localdomain>
	<20031006150205.GA1756@madman.celabo.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20031006150205.GA1756@madman.celabo.org>
User-Agent: Mutt/1.4.1i
Subject: Re: 4.6-R (Was: Re: FreeBSD Security Advisory
	FreeBSD-SA-03:18.openssl)
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
Reply-To: hawkeyd@visi.com
List-Id: Security issues [members-only posting]
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Oct 2003 16:19:10 -0000

On Oct 06, at 10:02 AM, Jacques A. Vidrine wrote:
> 
> > > Check the commit logs on RELENG_4 from that period.  The differences
> > > are due to normal development between the time 4.5-RELEASE and
> > > 4.6-RELEASE.
> 
> I didn't make the changes, so I'd have to look at the CVS history to
> answer specific questions myself.  However, in general we change the
> defaults to be `better' or `safer'.

Just a coda to this sub-thread: The SSH config file changes in SA-03:15
reflect the defaults as doc'd in the RELENG_4_5 man pages, though the
commented options in the default RELENG_4_5 config files do not match the
documented defaults.

L8r,
Dave

-- 
  ______________________                         ______________________
  \__________________   \    D. J. HAWKEY JR.   /   __________________/
     \________________/\     hawkeyd@visi.com    /\________________/
                      http://www.visi.com/~hawkeyd/