[ATrpms-users] Re: openssh

Eric Brunson brunson at brunson.com
Mon Apr 5 15:04:27 CEST 2004 

On Mon, 2004-04-05 at 02:00, Axel Thimm wrote:
> Hi Eric,
> 
> On Sun, Apr 04, 2004 at 11:12:14PM -0600, Eric Brunson wrote:
> > It strikes me as odd that the version of openssh distributed by redhat
> > is  latest openssh rpm I can find is something close to 2.4, the latest
> > version I can find anywhere in rpm format is around 2.6, but the latest
> > released version is 2.8.  I'm reminded of cursing the name brand unix
> > vendors for shipping ksh88 as late as last year when ksh 94 has been
> > available since... umm... 1994?
> > 
> > I built a set of rpms for all the openssh packages based on the 28.p1
> > code.  Would you like me spec file to build it for your repository?  It
> > needs a new sig and you have to have a path to krb5-config (part of
> > krb5-devel) set in your environment, but other than that it's good to
> > go.
> 
> thanks for the contribution. atrpms-devel is perhaps more appropriate
> to discuss new packages.
> 
> About openssh itself (which is at 3.6.1p2 on FC1 and current rawhide,
> and 3.8 has been released a week ago). It is a very critical package
> of the system, which Red Hat probably has to QA on the source code
> level to allow an upgrade. Security issues are backported to the
> openssh version the supported distributions carry. Newer releases
> could have new security bugs that open up your system, so an extensive
> QA is very neccessary.
> 
> Are you missing features of 3.8? AFAICT after an upgrade there can be
> issues with useradd accounts and kerberos, X11 forwarding and even
> PAM. So a lot of other packages would have to be adjusted to not
> suddenly lock people out of their system.
> 
> What do you think?

Obviously, I think you're correct because I wasn't willing to install it
on my production webserver.

I am using it in conjunction with lufs, sshfs and automount and wanted
to limit the number of password prompts sshd issues when I type in a
wrong path.  This was apparenly made as a patch against 2.7.x, but I see
your point with the QA.

I think I was primarily challenged by the creation of the RPM.  :-)

Thanks,
e.

More information about the atrpms-users mailing list