From nobody Tue Apr 2 20:01:14 2024 X-Original-To: ports-bugs@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4V8Jfj5xNyz5FfXV for ; Tue, 2 Apr 2024 20:01:17 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4V8Jfj4vRkz5107 for ; Tue, 2 Apr 2024 20:01:17 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1712088077; a=rsa-sha256; cv=none; b=OU+NVF4KIP0z09h70Kx+QcFUYnV5NYdz8YESYJl7jZ15q6ROFP89aEfFh2EscWCJVG2kqH QE5S+kl6V6y0jewYBTz7sKlVum5/c0hUy/FRusDqJovUcIP3j8C5vyQ37GRobEi6TeAQ+Z Ja9YnTa2Jr0T3NVSER1h2MTJO9UpaoYtzfXofdIW/h0uWnesq8bV4FoWSzNX0Xxg/JHwlA crCwuZRjmWirLzMTsXRHPcIZaeqVQ3+36na10fHQZdFfzqUGaYFYfUHZ5jHwxbh0fwYysL 3XFNRycnEXW4xgi7snFovoYBqJzGwqBfHJ4zVQRf6mr2V3fo9JJEHcW8ZNSgYg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1712088077; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=HHll1mvA8KfOdjO6H/iNnPOc6thygWdlishHTl4Jl9M=; b=ccmwmYBp7tpXpL6bRMhdHbRtH/VrAk78/iG5JBSHC/CNiMsVvPpRH5aRIOEUVHczTTLhAM ar8W9NVgrDKH/e5ITzzhFAmtiP+HHwavBaFEXVBxF8PmUXS3mxaKPsNAx+7KKPkkEOOsXU i+QbKC4KFKRAhgV6p8SH84SEsIUVjW4kupk1Uee44GjivdqzLWcmZ3Rg64ZIs5n27mwOEP Hoo3CElnVsamKHUHKGLDg4gcW/6TVeL1sgdJA7xpPQkwzIl08y1U0T6RCt0DTz1MY31f6Y H0DMDK/FuJmO73ZNpMOWTNgS9OYmyf8TJZysyjjQzJghXlb3u9Hzcswzp/Ti9A== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4V8Jfj4W9hz13N8 for ; Tue, 2 Apr 2024 20:01:17 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 432K1HMR019406 for ; Tue, 2 Apr 2024 20:01:17 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 432K1HQ5019395 for ports-bugs@FreeBSD.org; Tue, 2 Apr 2024 20:01:17 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: ports-bugs@FreeBSD.org Subject: [Bug 277650] Remove supporting linking against Heimdal from base (GSSAPI_BASE) Date: Tue, 02 Apr 2024 20:01:14 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: bin X-Bugzilla-Version: 14.0-RELEASE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: me@svmhdvn.name X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: cy@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Ports bug reports List-Archive: https://lists.freebsd.org/archives/freebsd-ports-bugs List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-ports-bugs@freebsd.org X-BeenThere: freebsd-ports-bugs@freebsd.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D277650 --- Comment #11 from Siva Mahadevan --- Then why not build security/openssh-portable from ports and set the GSSAPI option there? What are the clear advantages of having kerberos included in = base and forcing GSSAPI support to be enabled in base-provided sshd? Additionall= y, aren't current users who depend on base-provided Kerberos subject to any possible CVEs that have affected Heimdal in base (or MIT krb5 once that gets hypothetically included into base) since 12 years ago? Heimdal and MIT krb5= are up-to-date in the ports collection right now. I agree that kerberos support in sshd is great, since I use it in my own servers as well. But since I build my own private poudriere repo, I'm able = to quite easily select the latest (with all security patches included) GSSAPI provider from ports and use that to build ports-provided sshd with GSSAPI enabled. --=20 You are receiving this mail because: You are on the CC list for the bug.=