Debian openssh option review: considering splitting out GSS-API key exchange
Colin Watson
cjwatson at debian.org
Fri Aug 30 20:11:03 AEST 2024
On Tue, Apr 02, 2024 at 01:30:11AM +0100, Colin Watson wrote:
> * for Debian trixie (current testing):
>
> * add dependency-only packages called something like
> openssh-client-gsskex and openssh-server-gsskex, depending on their
> non-gsskex alternatives
> * add NEWS.Debian entry saying that people need to install these
> packages if they want to retain GSS-API key exchange support
This is now implemented in Debian unstable. I called the packages
openssh-client-gssapi and openssh-server-gssapi, with the intention of
splitting out both GSS-API authentication and key exchange support
later: that is, in trixie+1 I intend to build openssh without
--with-kerberos5 as well as dropping the key exchange patch from the
main packages, and you'd have to use openssh-*-gssapi for either
function.
--
Colin Watson (he/him) [cjwatson at debian.org]
More information about the openssh-unix-dev
mailing list