RedHat forks OpenSSH?

[Dan Kaminsky]

>Impolite in the fact they take a clean tar ball physically remove code
>from it instead of using the native RPM patch methology.  Thus you have an
>unsignable and unverifiable *.tar.gz file within the srpm.
>  
>
The point is that they can't ship SRPM's with ACSS, built or not.  
Negative patches still contain the offending code, even as they say 
"don't built this".

--Dan