RFE: Portable OpenSSH

Dan Kaminsky dankamin at cisco.com
Wed Mar 28 13:57:07 EST 2001


> This problem has already been solved on several different occasions.
>
> You need to use a packaging system which remembers what each software
> package's requirements and prerequirements are.  If you don't want to
> use a native package manager (or if your native package manager sucks),
> I suggest epkg (http://www.encap.org/epkg/), which makes things like
> this (and like the libz thing you were complaining about earlier)
> relative nonissues.

Unnecessary dependencies are bad and are not particularly solved by simply
burying the problem under the but-we-have-a-great-package-format rug.

If it's *absolutely critical* that an executable be dependent on other
files, so be it, I'll live.  But that's a pain from a sysadmin's
perspective, and it's one I think that admin should have the *chance* to
avoid if necessary.  I accept pain when necessary, but reject it strongly
when it's superfluous.

Anyway, you're dancing around my actual question:  Why are compile-time
checks, for reasons *other* than "if we include that library on the wrong
system, the code won't build", good?  Recompiling is clearly more painful
than changing an option in sshd_config or silently downgrading (like we do
when we can't find a primes file).

Yes, we can be more flexible with compile time checks when we have a
packaging format that can choose which binaries to install at which times,
but isn't it better to have flexible binaries?  For /dev/random handling,
you'd need to compile both sets of code, throw it into a package, then have
your package manager dynamically choose which one to actually install.
Gotta admit that's pretty ugly ;-)

Anyway, no magic bullet turns libz into a non-issue.  If sysadmins *have* to
get packages, because they can't figure out how to compile the code and move
it elsewhere, then they've lost freedom and access to the source (indeed, the
source for them has been "neutered"; it's useful to look at but it doesn't
spawn anything useful).  Epkg isn't everywhere by default...though it could
be, and maybe should be, and *mayyyyyyyybe* ought to be included as the
cross-platform package generator for OpenSSH?

Something to think about?

Yours Truly,

    Dan Kaminsky, CISSP
    http://www.doxpara.com





More information about the openssh-unix-dev mailing list