FYI: SSH1 now disabled at compile-time by default
Dan Kaminsky
dan at doxpara.com
Fri Mar 27 05:55:18 AEDT 2015
You're right. My argument the is the next build of OpenSSH should be
OpenSSH 7, and the one after that 8, then 9, then 10. No minor releases?
Sure, go ahead. Deprecate the point,
Do you manage any machines running SSHv1?
On Thu, Mar 26, 2015 at 11:44 AM, Iain Morgan <imorgan at nas.nasa.gov> wrote:
> On Thu, Mar 26, 2015 at 10:19:05 -0700, Dan Kaminsky wrote:
> > Communication is a two way street. If OpenSSH wants to go down the route
> > of single releases, like the browsers did, it can remove its minor
> numbers,
> > like the browsers did.
> >
>
> There's no question of "going down the route." This has been the
> practice with OpenSSH for many years -- if not from the beginning.
>
> Certainly, those outside of the OpenSSH development community often
> assume the major/minor release scheme used by the majority of open
> source projects, but I'm suprised to see such confusion on this list.
>
> As to disabling SSH v1, hurray! The protocol has been long-obsolete and
> it is well-known to be insecure. Sure, some will eventually be impacted
> by this, but maybe that is a good thing. Perhaps it will give a little
> more incentive for those who are still using SSH1 to move into this
> century.
>
> --
> Iain Morgan
>
More information about the openssh-unix-dev
mailing list