Date: Fri, 3 Feb 2017 17:04:52 +0000
From: heasley
To: Ian Smith
Cc: freebsd-security@freebsd.org
Subject: Re: fbsd11 & sshv1
Message-ID: <20170203170452.GA40078@shrubbery.net>
In-Reply-To: <20170203143417.C33334@sola.nimnet.asn.au>

Fri, Feb 03, 2017 at 03:13:44PM +1100, Ian Smith:
> Nobody 'forbids' you from making such a port, for your own use and/or
> for others. See Peter Jeremy's suggestion re where it might be placed
> and what sort of dire warnings it ought to announce; I expect SO and
> ports secteam would insist on nothing less.
>
> This differs from expecting|demanding|hoping somebody ELSE should do it.

i've already explained why I think we (as in those needing it) building
our own is a worse security approach. It's also a bit silly for all those
folks to do it themselves; for the same reason that there are binary ports.

i'll need to modify some code, but i'll try plink instead of maintaining
my own. until then, i've built my own v1 openssh client.