Legacy option for key length?

Peter Moody mindrot at hda3.com
Tue Jan 2 02:52:26 AEDT 2018


I would prefer that:

 * commercial vendors patched the software they sold
 * people who purchased from these vendors took responsibility for
their actions and applied pressure on the commercial vendors rather than
the free software developers who provide the client software, for
free.

and I'm not sure what your bugaboo is about a fractured user base; at
any given time there are probably hundreds of different versions of
openssh being distributed due to different OSes, distros, etc.

by the way, do you not see that every one of your arguments about the
openssh client can be applied, almost verbatim, to the vendor supplied
sshd? with the obvious exception that one is supplied by a commercial
vendor.

bye

On Sun, Dec 31, 2017 at 8:04 PM, David Newall <openssh at davidnewall.com> wrote:
> On 31/12/17 16:44, Peter Moody wrote:
>> On Sat, Dec 30, 2017 at 9:47 PM, David Newall <openssh at davidnewall.com> wrote:
>>> Of course it's the client's fault.  The client worked, was changed, and thus
>>> stopped working.
>>
>> don't upgrade your client. problem solved. you're at fault for not
>> pinning your dependencies when you have hard dependencies.
>
> Really?  A fractured user-base: that's what you want?  And you want to blame
> the victims?  People who don't discover that newer versions of openssh don't
> work for equipment which they rarely need to access are at fault for
> believing that what was promised would never be taken away?  Just leave them
> a little time bomb.  Nice.  Very nice.



More information about the openssh-unix-dev mailing list