Current behavior to set DSCP EF code point by default is harmful
Chris Rapier
rapier at psc.edu
Sun Apr 12 02:50:57 AEST 2026
On 4/11/2026 04:51, Hendrik Visage wrote:
> On Fri, Apr 10, 2026 at 4:09 AM Theo de Raadt <deraadt at openbsd.org> wrote:
>> We deployed this in OpenSSH incrementally and substantially for 6
>> months,
>
> The "fun" with especially RedHat and Debian, is they don't do that
> much "incremental" and are quite bang releases, thus, a claim like
> this doesn't quite hold water as we see it not when it gets released,
> but when the version after this baked in in release gets released by
> the distros.

I don't think OpenSSH has any influence or control over the release
practices of any distribution (with the possible exception of OpenBSD).
As such, OpenSSH's release schedule, especially in regards to changes in
functionality, should not be beholden to what Fedora or Debian do.
Additionally, the package maintainers at these distributions are more
than smart enough to identify potential issues and patch them as
required for their distributions. Which is clear if you review the
package source - both RedHat and Debian/Ubuntu have a significant number
of patches for OpenSSH to tune their ssh releases to match the needs of
their users.
>
>> and by my recollection have heard only two concerns previously
>
> And here the flood starts as Trixie in PVE9 are now getting full
> installs and upgrades.
That would be an issue that the package maintainers need to address.

>> I think we can afford to wait for the community to understand that the
>> majority of SSH traffic is minimal, generally either trivial volume or
>> for critical management,
>
> hmmm... again, though there is water in that argument, SSH traffic
> quickly can get the majority when a tcpdump is executed in the shell..
> and yes, from a network management perspective, those are common
> patterns in my life doing hosting and managing/involved with IXP
> network.

On this I agree with you. A *lot* of people use ssh for bulk data
transport. Especially since Globus changed their licensing protocol.
However, OpenSSH uses a different setting for non-interactive settings.

Chris