Date:      Thu, 4 Jul 2002 12:30:17 -0500
From:      D J Hawkey Jr <hawkeyd@visi.com>
To:        Christopher Schulte <schulte+freebsd@nospam.schulte.org>
Cc:        stable at FreeBSD <freebsd-stable@freebsd.org>
Subject:   Re: HEADS UP: FreeBSD-STABLE now has OpenSSH 3.4p1
Message-ID:  <20020704123016.A89510@sheol.localdomain>
In-Reply-To: <5.1.1.6.2.20020704120834.0412d678@pop3s.schulte.org>; from schulte+freebsd@nospam.schulte.org on Thu, Jul 04, 2002 at 12:18:04PM -0500
References:  <20020704115910.A89342@sheol.localdomain> <5.1.1.6.2.20020704120834.0412d678@pop3s.schulte.org>

On Jul 04, at 12:18 PM, Christopher Schulte wrote:
> 
> At 11:59 AM 7/4/2002 -0500, D J Hawkey Jr wrote:
> >Once the dust has settled, will the recent changes in 4.6-STABLE be MFC'd
> >to 4.6-RELEASE:
> >
> >   - OpenSSH 3.4p1
> 
> I don't think so.
> 
>  >At this time, OpenSSH 3.4 will not be merged into the security
>  >branches.  They are currently not vulnerable, and major upgrades are
>  >outside the scope of the security branches, particularly when such
>  >upgrades are practically guaranteed to break existing installations.

But, but... But 4.6-RELEASE is vulnerable, as I understand it, and OpenSSH
has to be considered within scope, no?

What would an upgrade to OpenSSH 3.4 break? Or, what would I give up in
order to have OpenSSH 3.4 under 4.6-RELEASE?

>  >Of course, OpenSSH 3.4 is always available via the Ports Collection,
>  >and I would, in fact, recommend that users take advantage of it and
>  >turn on PrivilegeSeparation if at all possible.

I don't much care what technology fixes things, unless it breaks other
"base" technologies. That is, if the fix breaks PAM or Kerberos, then
the fix needs to be fixed, IMHO (no slight intended to anyone).

>  >Cheers,
>  >Jacques A. Vidrine <n@nectar.cc>                 http://www.nectar.cc/
> 
> His advice of port installation is a good solution if you want to use 
> privsep on a RELEASE build.
> 
> Christopher Schulte
> http://www.schulte.org/
> Do not un-munge my @nospam.schulte.org
> email address.  This address is valid.

Dave

-- 
  ______________________                         ______________________
  \__________________   \    D. J. HAWKEY JR.   /   __________________/
     \________________/\     hawkeyd@visi.com    /\________________/
                      http://www.visi.com/~hawkeyd/

