From owner-freebsd-stable Thu Jul 4 10:30:22 2002
Date: Thu, 4 Jul 2002 12:30:17 -0500
From: D J Hawkey Jr
To: Christopher Schulte
Cc: stable at FreeBSD
Subject: Re: HEADS UP: FreeBSD-STABLE now has OpenSSH 3.4p1
Message-ID: <20020704123016.A89510@sheol.localdomain>
Reply-To: hawkeyd@visi.com

On Jul 04, at 12:18 PM, Christopher Schulte wrote:
>
> At 11:59 AM 7/4/2002 -0500, D J Hawkey Jr wrote:
> >Once the dust has settled, will the recent changes in 4.6-STABLE be MFC'd
> >to 4.6-RELEASE:
> >
> > - OpenSSH 3.4p1
>
> I don't think so.
>
> >At this time, OpenSSH 3.4 will not be merged into the security
> >branches. They are currently not vulnerable, and major upgrades are
> >outside the scope of the security branches, particularly when such
> >upgrades are practically guaranteed to break existing installations.

But, but... But 4.6-RELEASE is vulnerable, as I understand it, and OpenSSH
has to be considered within scope, no?

What would an upgrade to OpenSSH 3.4 break? Or, what would I give up in
order to have OpenSSH 3.4 under 4.6-RELEASE?

> >Of course, OpenSSH 3.4 is always available via the Ports Collection,
> >and I would, in fact, recommend that users take advantage of it and
> >turn on PrivilegeSeparation if at all possible.

I don't much care what technology fixes things, unless it breaks other
"base" technologies. That is, if the fix breaks PAM or Kerberos, then
the fix needs to be fixed, IMHO (no slight intended to anyone).

> >Cheers,
> >Jacques A. Vidrine http://www.nectar.cc/
>
> His advice of port installation is a good solution if you want to use
> privsep on a RELEASE build.
>
> Christopher Schulte
> http://www.schulte.org/
> Do not un-munge my @nospam.schulte.org
> email address. This address is valid.

Dave

--
D. J. HAWKEY JR.
hawkeyd@visi.com
http://www.visi.com/~hawkeyd/