https://bugzilla.mindrot.org/show_bug.cgi?id=1008
Oliver Freyermuth <o.freyermuth@googlemail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |o.freyermuth@googlemail.com
--- Comment #19 from Oliver Freyermuth <o.freyermuth@googlemail.com> ---
Since most distros carry downstream patches by now to implement this
feature, and some of them introduce new potentially security relevant
bugs (I have seen memory corruption on some distros) and maintenance
problems when new versions are released, it seems to me that the
security of OpenSSH downstream (i.e. what users experience as OpenSSH)
is degraded in the current situation. So as a security-conscious user,
I'd really love to see this functionality upstream.
As several downstream patches tested over years exist in distros, it
would be great to get a signal by upstream on whether this
functionality is not wanted upstream at all (i.e., closing this as
WONTFIX) or whether one of the patches is eligible, but would need
changes, such that the downstream community has some directions to help
to upstream this feature.
Thanks!
--
You are receiving this mail because:
You are the assignee for the bug.
You are watching someone on the CC list of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
Oliver Freyermuth <o.freyermuth@googlemail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |o.freyermuth@googlemail.com
--- Comment #19 from Oliver Freyermuth <o.freyermuth@googlemail.com> ---
Since most distros carry downstream patches by now to implement this
feature, and some of them introduce new potentially security relevant
bugs (I have seen memory corruption on some distros) and maintenance
problems when new versions are released, it seems to me that the
security of OpenSSH downstream (i.e. what users experience as OpenSSH)
is degraded in the current situation. So as a security-conscious user,
I'd really love to see this functionality upstream.
As several downstream patches tested over years exist in distros, it
would be great to get a signal by upstream on whether this
functionality is not wanted upstream at all (i.e., closing this as
WONTFIX) or whether one of the patches is eligible, but would need
changes, such that the downstream community has some directions to help
to upstream this feature.
Thanks!
--
You are receiving this mail because:
You are the assignee for the bug.
You are watching someone on the CC list of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs