Date: Wed, 2 Jan 2002 07:59:35 +0200 (SAT) From: John Hay <jhay@icomtek.csir.co.za> To: cjclark@alum.mit.edu Cc: rwatson@FreeBSD.ORG (Robert Watson), jhay@icomtek.csir.co.za (John Hay), randy@psg.com (Randy Bush), freebsd-security@FreeBSD.ORG Subject: Re: openssh version Message-ID: <200201020559.g025xaX94943@zibbi.icomtek.csir.co.za> In-Reply-To: <20020101130601.A153@gohan.cjclark.org> from "Crist J. Clark" at "Jan 1, 2002 01:06:01 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
> > > Eivind Eklund was looking at merging our various localizations forward > > (including PAM), and I'd really like to look at an upgrade in the post-4.5 > > scenario. Getting it in before the release is (at this point) out of the > > question, however. > > And this is the crux of the issue. Merging a new vendor version of > OpenSSH is non-trivial. In addition, there are frequently back > compatiblility issues (e.g. with configuration files) with new versions > of OpenSSH. For each person who asks, "Why isn't FreeBSD using the > bleeding-edge OpenSSH?" there will be several on -stable, "I just did > an installworld on a remote machine, and I can't access it via SSH any > more." Creating the potential for problems like this in STABLE is > bad. For these reasons and others, it is often more practical to patch > security fixes in the FreeBSD tree than to import fixes (and other > changes that come with it) from the vendor. Well I can accept your argument for -stable, although bigger changes has gone in -stable in the past, but what about -current? My -current boxes also still claim: "sshd version OpenSSH_2.9 FreeBSD localisations 20011202" And this is the problem, if we don't have -current upgraded we have little chance in getting wrinkles out and very little chance of it going in -stable. Also maybe we should think again about all our local changes and if all of them are really necesary. If we can ditch some, that will also make it a lot easier to upgrade. John -- John Hay -- John.Hay@icomtek.csir.co.za To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200201020559.g025xaX94943>