From owner-cvs-all  Tue Mar 19 12:13: 8 2002
Delivered-To: cvs-all@freebsd.org
Received: from obsecurity.dyndns.org (adsl-64-165-226-239.dsl.lsan03.pacbell.net [64.165.226.239])
	by hub.freebsd.org (Postfix) with ESMTP
	id 5EE2237B422; Tue, 19 Mar 2002 12:11:30 -0800 (PST)
Received: by obsecurity.dyndns.org (Postfix, from userid 1000)
	id 8BC3C66C39; Tue, 19 Mar 2002 12:11:29 -0800 (PST)
Date: Tue, 19 Mar 2002 12:11:29 -0800
From: Kris Kennaway <kris@obsecurity.org>
To: Guy Helmer <ghelmer@palisadesys.com>
Cc: "David W. Chapman Jr." <dwcjr@inethouston.net>,
	cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/secure/usr.sbin/sshd Makefile
Message-ID: <20020319121129.A2791@xor.obsecurity.org>
References: <014901c1cf76$776b0f00$d800a8c0@dwcjr> <Pine.LNX.4.33.0203191253290.12151-100000@magellan.palisadesys.com>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
	protocol="application/pgp-signature"; boundary="6TrnltStXW4iwmi0"
Content-Disposition: inline
User-Agent: Mutt/1.2.5.1i
In-Reply-To: <Pine.LNX.4.33.0203191253290.12151-100000@magellan.palisadesys.com>; from ghelmer@palisadesys.com on Tue, Mar 19, 2002 at 01:05:32PM -0600
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
List-ID: <cvs-all.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20cvs-all>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20cvs-all>
X-Loop: FreeBSD.ORG


--6TrnltStXW4iwmi0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Tue, Mar 19, 2002 at 01:05:32PM -0600, Guy Helmer wrote:

> > Basically the portable would require less hacking to run on freebsd.  T=
hey
> > are Both from OpenBSD so there shouldn't be any disadvantage.
>=20
> The "portable" openssh contains extra code to support other non-BSD O/S's.
> To me, this implies the portable openssh contains code we don't need and
> it may have security implications.  I see this as a disadvantage.

On the contrary, all the code "we don't need" is not actually compiled
on FreeBSD.

OpenBSD have in practise refused to accept patches from FreeBSD
(including bugfixes due to differences in FreeBSD behaviour), unless
they're also bugs in the OpenBSD version.  Therefore the maintenance
burden is on the person doing the vendor imports, and it gets
increasingly harder over time as the divergence increases.  This is
the main reason for the delays in updating OpenSSH in FreeBSD.

The big advantage to openssh-portable is that they will actually
accept portability patches, partly offloading maintenance of those
patches onto them.  I think we should switch over ASAP, and we'll
benefit significantly in the long run.

Kris

--6TrnltStXW4iwmi0
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE8l5twWry0BWjoQKURAqY2AJ9DLf1bNGpuBWg2V8DdXOjcdIMP6gCgxKVf
9GIS6rlghlIkfN7Mml8S2Sw=
=pVSh
-----END PGP SIGNATURE-----

--6TrnltStXW4iwmi0--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message