Bug #866

Damien Miller djm at mindrot.org
Wed Jul 31 10:54:52 EST 2013


On Tue, 30 Jul 2013, Nico Williams wrote:

> I'm actually more interested in knowing why this got fixed now.  I
> searched the list archives for discussion of the need for this, but
> found nothing in the past two years (I gave up searching then).  Has
> NFS (or similar) become more widely used by the dev team?  Were there
> off-list requests for this feature?

Why now? The proliferation of vendor packages that patch in things like
GSSAPI-KEX and have default configurations that enable them explicitly.
It makes it quite difficult to use custom-compiled packages of OpenSSH
on these systems.

For the record, I think turning on the attack surface of GSSAPI by
default is a Very Bad Decision all by itself.

-d


More information about the openssh-unix-dev mailing list