Re: Re: [CentOS-announce] Impact of the Debian OpenSSL vulnerability

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



Les Mikesell wrote:
Ralph Angenendt wrote:

- What does our upstream think about this?
- What do the OpenSSH developers think about this?
Someone is going to need to ask those questions of the people...

I don't think the OpenSSH devels really do care about that - there is no
discussion whatsoever on the secureshell list or on the devel list.

No idea about our upstream, but I don't think so either.

Does anyone know the point of the patch in the first place? That is, why would a distro-specific modification have been needed at all? I don't suspect an intentional compromise here but I'm curious about why anyone would consider a non-standard change.


The change was added due to valgrind testing of openssh and warnings produced while compiling.

The removal was discussed on the openssh-devel list.

If was clearly an accident caused by trying to do the right thing.

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux