Followup on Inquiry about regreSSHion postmortem
Theo de Raadt
deraadt at openbsd.org
Thu Aug 21 00:09:35 AEST 2025
Rene,
You have already
- decided to not figure out how -portable merges are handled,
- written a long conclusion accusing malice
Now, after that long conclusion you have "questions" ?
I'm pretty sure nothing will change your mind.
> Ok I should be clearer here, yes there are merges, but explain to me how a merge conflict would remove the two critical flags. I am not talking about surface here. I am talking about a clear step by step analysis, that shows how the flags got removed.
>
> /Rene
> ________________________________
> From: Stuart Henderson <stu at spacehopper.org>
> Sent: Wednesday, August 20, 2025 3:07 PM
> To: Rene Malmgren <rene.malmgren at redtoken.ae>
> Cc: openssh-unix-dev at mindrot.org <openssh-unix-dev at mindrot.org>
> Subject: Re: Followup on Inquiry about regreSSHion postmortem
>
> On 2025/08/20 10:41, Rene Malmgren wrote:
> > Actually, there is no evidence in the available data that such a merge even has happened
>
> This is simply the way that cross-platform OpenSSH commits are done:
>
> - they are first made to OpenBSD's CVS tree
>
> - then they are later merged to openssh-portable git with an "upstream:
> XX" comment and OpenBSD-Commit-ID line (with the RCS ID line synced with
> that from the OpenBSD tree in the commit)
>
> there is plenty of evidence of this, and nothing on the surface unusual
> about this merge commit compared with others
>
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
More information about the openssh-unix-dev
mailing list