RedHat forks OpenSSH?
Damien Miller
djm at mindrot.org
Thu Nov 11 17:14:39 EST 2004
Jefferson Ogata wrote:
> I'm also curious why it's important to have this code in the
> distribution. What practical use does it serve? Shouldn't we just stick
> with blowfish et al anyway?
I don't really care if Redhat disables ciphers or modifies ssh. They
have patched ssh for years and we don't have a problem with that. These
patches are conveniently located in their source RPM, so they can be
easily reviewed.
OTOH by making their own tarball, they add extra hassle that we have to
go through when we investigate bug reports from redhat users. We can't
just look at the patches, we have to do this silly dance with diff.
Who knows what their misguided lawyers are going to chop next?
(A)RC4 is in exactly the same legal boat as ACSS, it just isn't as well
publicised among the masses. DSA too has had vague threats hanging over
it. Maybe they may wake up on the wrong side of bed and start taking
the five year old ssh trademark threat seriously? (yes, this last one is
a joke)
Nobody has answered: why should we put in extra effort to support
RedHat users? That is the essence of the problem.
More information about the openssh-unix-dev
mailing list