[PATCH] U2F support in OpenSSH

Peter Stuge peter at stuge.se
Fri Feb 27 03:20:46 AEDT 2015

Michael Stapelberg wrote:
> With regards to discussion with upstream: before my first post, I
> looked for any sort of contributor guidelines on the openssh.org
> website and couldn’t find anything. Without any guidelines to go
> on, my default approach is to contact upstream by sending a patch,
> demonstrating the feasibility of what I’m suggesting.

I'd like to suggest that you consider a different default approach
for the future: Communicate with people before investing time in code.

That way you will get to know the project and the project will get to
know you.

> With regards to what I expect: regardless of how I initially contacted
> upstream, I still think that not even getting as much as “Oh, I can
> imagine we would like to eventually merge this, please give me a
> month to get back to you” from upstream is very discouraging.

Sorry, but there are literally no promises. (See the license, right.)

You can't expect that anyone has time to react to a patch, there is a
universal shortage of developers, and everyone will have priorities
different to yours. :)

Something like u2f might take years or a decade rather than months.
Be patient.

You can of course help free time within the project by observing what
needs doing and then digging in with significant contributions there.

> from what I can tell upstream’s opinion might as well be “this will
> never get in”, and then I’d just be wasting my time.

Speculation. You (and I) can't tell, there is no expressed opinion.

> I hope what I just wrote makes some sense (if not, please ask for
> clarifications!) and doesn’t offend any of the project members.

FWIW I don't think anyone is offended, but reality in this project is
that random new changes can need a long time. The best thing to do
with your patch right now might be to attach it to a bugzilla bug (if
you haven't already) so that it doesn't get lost in the endless sea
of email.

> really think that the OpenSSH project should improve in such a
> situation as the one we’re talking about.

That happens if and when someone makes it happen. I actually prefer
developers to keep developing. It's a tricky question.

Kind regards


More information about the openssh-unix-dev mailing list