Date: Thu, 4 Jul 2002 12:30:17 -0500 From: D J Hawkey Jr <hawkeyd@visi.com> To: Christopher Schulte <schulte+freebsd@nospam.schulte.org> Cc: stable at FreeBSD <freebsd-stable@freebsd.org> Subject: Re: HEADS UP: FreeBSD-STABLE now has OpenSSH 3.4p1 Message-ID: <20020704123016.A89510@sheol.localdomain> In-Reply-To: <5.1.1.6.2.20020704120834.0412d678@pop3s.schulte.org>; from schulte%2Bfreebsd@nospam.schulte.org on Thu, Jul 04, 2002 at 12:18:04PM -0500 References: <20020704115910.A89342@sheol.localdomain> <5.1.1.6.2.20020704120834.0412d678@pop3s.schulte.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Jul 04, at 12:18 PM, Christopher Schulte wrote: > > At 11:59 AM 7/4/2002 -0500, D J Hawkey Jr wrote: > >Once the dust has settled, will the recent changes in 4.6-STABLE be MFC'd > >to 4.6-RELEASE: > > > > - OpenSSH 3.4p1 > > I don't think so. > > >At this time, OpenSSH 3.4 will not be merged into the security > >branches. They are currently not vulnerable, and major upgrades are > >outside the scope of the security branches, particularly when such > >upgrades are practically guaranteed to break existing installations. But, but... But 4.6-RELEASE is vulnerable, as I understand it, and OpenSSH has to be considered within scope, no? What would an upgrade to OpenSSH 3.4 break? Or, what would I give up in order to have OpenSSH 3.4 under 4.6-RELEASE? > >Of course, OpenSSH 3.4 is always available via the Ports Collection, > >and I would, in fact, recommend that users take advantage of it and > >turn on PrivilegeSeperation if at all possible. I don't much care what technology fixes things, unless it breaks other "base" technologies. That is, if the fix breaks PAM or Kerberos, then the fix needs to be fixed, IMHO (no slight intended to anyone). > >Cheers, > >Jacques A. Vidrine <n@nectar.cc> http://www.nectar.cc/ > > His advice of port installation is a good solution if you want to use > privsep on a RELEASE build. > > Christopher Schulte > http://www.schulte.org/ > Do not un-munge my @nospam.schulte.org > email address. This address is valid. Dave -- ______________________ ______________________ \__________________ \ D. J. HAWKEY JR. / __________________/ \________________/\ hawkeyd@visi.com /\________________/ http://www.visi.com/~hawkeyd/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020704123016.A89510>