FYI: SSH1 now disabled at compile-time by default
Iain Morgan
imorgan at nas.nasa.gov
Fri Mar 27 05:44:37 AEDT 2015
On Thu, Mar 26, 2015 at 10:19:05 -0700, Dan Kaminsky wrote:
> Communication is a two way street. If OpenSSH wants to go down the route
> of single releases, like the browsers did, it can remove its minor numbers,
> like the browsers did.
>
There's no question of "going down the route." This has been the
practice with OpenSSH for many years -- if not from the beginning.
Certainly, those outside of the OpenSSH development community often
assume the major/minor release scheme used by the majority of open
source projects, but I'm suprised to see such confusion on this list.
As to disabling SSH v1, hurray! The protocol has been long-obsolete and
it is well-known to be insecure. Sure, some will eventually be impacted
by this, but maybe that is a good thing. Perhaps it will give a little
more incentive for those who are still using SSH1 to move into this
century.
--
Iain Morgan
More information about the openssh-unix-dev
mailing list