Date:      Wed, 11 Nov 2015 15:58:35 -0800
From:      Bryan Drewery <bdrewery@FreeBSD.org>
To:        Slawa Olhovchenkov <slw@zxy.spb.ru>
Cc:        Dag-Erling Smørgrav <des@des.no>, freebsd-security@freebsd.org, freebsd-current@freebsd.org
Subject:   Re: OpenSSH HPN
Message-ID:  <5643D62B.8040603@FreeBSD.org>
In-Reply-To: <20151111235606.GF48728@zxy.spb.ru>
References:  <86io5a9ome.fsf@desk.des.no> <56428E8A.3090201@FreeBSD.org> <56428F59.5010908@FreeBSD.org> <86y4e47uty.fsf@desk.des.no> <56436F4B.8050002@FreeBSD.org> <86r3jwfpiq.fsf@desk.des.no> <20151111181339.GE48728@zxy.spb.ru> <56438660.5010508@FreeBSD.org> <20151111235606.GF48728@zxy.spb.ru>

On 11/11/2015 3:56 PM, Slawa Olhovchenkov wrote:
> On Wed, Nov 11, 2015 at 10:18:08AM -0800, Bryan Drewery wrote:
>
>> On 11/11/2015 10:13 AM, Slawa Olhovchenkov wrote:
>>> On Wed, Nov 11, 2015 at 05:51:25PM +0100, Dag-Erling Smørgrav wrote:
>>>
>>>> Bryan Drewery <bdrewery@FreeBSD.org> writes:
>>>>> Another thing that I did with the port was restore the tcpwrapper
>>>>> support that upstream removed. Again, if we decide it is not worth
>>>>> keeping in base I will remove it as default in the port.
>>>>
>>>> I want to keep tcpwrapper support - it is another reason why I still
>>>> haven't upgraded OpenSSH, but to the best of my knowledge, it is far
>>>> less intrusive than HPN.
>>>
>>> Can you explain what is problem?
>>> I am see openssh in base and openssh in ports (more recent version)
>>> with same functionaly patches.
>>> You talk about trouble to upgrade. What is root?
>>> openssh in base have different vendor and/or license?
>>> Or something else?
>>>
>>> PS: As I today know, kerberos heimdal is practically dead as opensource
>>> project. Have FreeBSD planned switch to MIT Kerberos?
>>> I am know about security/krb5.
>>>
>>
>> IMHO the problem comes down to time. Patching an upstream project
>> increases maintenance cost for upgrading it. Every patch adds up. When
>> you become busy and don't have time to pay attention to every little
>> change made in a release, hearing 'removed tcpwrappers support' or
>> 'refactored the code <more> for libssh usage' makes it sound like 1 more
>> thing you must deal with to upgrade that code base and more effort to
>> validate that your patches are right. We obviously don't want to just
>> drop in the latest code and throw it out there as broken. SSH is quite
>> critical and we want to ensure our changes are still right, and that
>> doing something like adding tcpwrappers back in won't introduce some
>> security bug that upstream was coy about.
>
> Some for as ports version?
> Or ports version different?
> Or port maintainer have more time (this is not to blame for DES)?
> I am just don't know what is different between port ssh and base ssh.
> We need ssh 6.x in base, not 7.x as in port (why?) and this is need
> independent work on patches?
> I am missing somehow commonplace for others.
>

I am the ports maintainer. That was my opinion on why OpenSSH falls
behind. There is no real difference between the base and port version
except that the port version has some more optional patches, and is
easier to push updates for through ports and packages, rather than an
Errata through freebsd-update or a full release to get to the latest
OpenSSH version.

There have been many times where the base version was more up-to-date
than the port as well due to the lack of a maintainer or the previously
mentioned patch blockers.

-- 
Regards,
Bryan Drewery