Call for testers.
Damien Miller
djm at mindrot.org
Sat Sep 15 21:30:50 EST 2001
On Sat, 15 Sep 2001, Pekka Savola wrote:
> 1) it would be nice if the init scripts took advantage of the new sshd -t
> feature. Patch attached. The failure will look like:
APplied.
> 2) Merging the latest Red Hat openssh spec file and the current one a bit.
> XXX: ssh-keyscan is in both openssh and openssh-clients; I removed it from
> openssh, your mileage may vary. If there is a will, I could try to merge
> these further.
Applied.
> 3) Taking package descriptions from latest Red Hat spec; IMO these are a
> bit better, -askpass, -gnome-askpass etc. are too "noisy" at least; as
> they require OpenSSH, one should not need to explain openssh in those.
> (separate patch from above for clarity; this might also be a bit more
> controversial..)
Applied with changes.
> 4) A patch from Red Hat that makes sshd.c do setgroups so that under some
> circumstances supplemental groups are removed (the cookie attack). May or
> may not be useful.
>
> I fixed a warning in this one, in the ambiguous if - if - else structure.
Applied after changes - it is always fatal to fail.
> 5) It might be time to remove --with-ipv4-default, at least for redhat7,
> but this is a policy decision..
Maybe for Redhat 7.2. Has the long name resolution delay when using a
Linux box with IPv6 available (in the kernel) but not configured been
resolved?
-d
--
| Damien Miller <djm at mindrot.org> \ ``E-mail attachments are the poor man's
| http://www.mindrot.org / distributed filesystem'' - Dan Geer
More information about the openssh-unix-dev
mailing list