From owner-freebsd-security Mon Jul 8 7:16:34 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3C90237B400 for ; Mon, 8 Jul 2002 07:16:31 -0700 (PDT) Received: from empty1.ekahuna.com (empty1.ekahuna.com [198.144.200.196]) by mx1.FreeBSD.org (Postfix) with ESMTP id B7CFF43E52 for ; Mon, 8 Jul 2002 07:16:30 -0700 (PDT) (envelope-from pjklist@ekahuna.com) Received: from pc-02 (pc02.ekahuna.com [198.144.200.197]) by empty1.ekahuna.com (Post.Office MTA v3.5.3 release 223 ID# 0-0U10L2S100V35) with ESMTP id com for ; Mon, 8 Jul 2002 07:16:30 -0700 From: "Philip J. Koenig" Organization: The Electric Kahuna Organization To: security@FreeBSD.ORG Date: Mon, 8 Jul 2002 07:16:30 -0700 MIME-Version: 1.0 Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Subject: Re: Default ssh protocol in -STABLE [was: HEADS UP: FreeBSD-STABLEnow has OpenSSH 3.4p1] Reply-To: pjklist@ekahuna.com In-reply-to: X-mailer: Pegasus Mail for Win32 (v3.12c) Message-ID: <20020708141630166.AAA962@empty1.ekahuna.com@pc02.ekahuna.com> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org > Date: Sat, 06 Jul 2002 22:05:35 -0700 > From: Doug Barton > > Anthony Rubin wrote: > > > > Do people who depend on such things run mergemaster and blindly accept > > all changes? Does everyone throw every new -RELEASE into production > > without any testing? > > You've missed the point. This would be an architectural change. We do > those between branches, not towards the end of life of a -stable branch. > > Those who want protocol 2 to be the default have a simple config change > to make... users expecting the RELENG_4 branch to actually be -stable > shouldn't have their expectations so violently disturbed. Actually I'm not sure that history bears that out. Take a look at the fundamental changes in Sendmail functionality recently, granted it's a "contrib" package but it is part of the base system and enabled by default. I'd say it comes pretty close to the current scenario with openssh. (although I'll admit ssh probably has more potential to mess up peoples management scripts etc) -- Philip J. Koenig pjklist@ekahuna.com Electric Kahuna Systems -- Computers & Communications for the New Millenium To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message