On Wed, 2004-12-08 at 11:05 -0500, Richard June wrote: > > RHEL 2.1's OpenSSH does not support gssapi-with-mic. It's something I > > can live without, and am indeed doing just that, because packaging > > headaches make it too difficult to use one of the bazillion existing > > repositories/packages of newer OpenSSH versions. The only choice I have > > is to install from source, and then I become the security maintainer, > > instead of letting the trusted third-party repository do it for me. > wow. that's just amazing. > You want RPMs of later versions of OpenSSH for RHEL so that you can have > gssapi-with-mic support. You don't want to do this yourself because it will > break compatibility with all the other ISVs who've provided software you run > on your machine. I will be more than happy to provide to you, RPMs for later No. I don't want to do it because I lose any security updates from any vendor. I would become the package vendor, and as a result, I'd become responsible for packaging security updates. My point was that there are people who package newer versions of OpenSSH *and* provide security updates, but I haven't been able to use any of those packages on RHEL 2.1. It's goofy. It's a waste of effort. Someone *already* packages new versions of OpenSSH, why should someone else have to *repackage* the exact same binary just to get a different set of RPM headers? How does that make sense? > versions of Openssh for RHEL 2.1, or any other distro you decide to use. I > would be thrilled to add RHEL to the list of distros I support in my > repository. It will cost you $50 dollars a month per package you want me to > track and maintain. If the OpenSSH issue were really that important, I wouldn't have many other choices, would I? Thankfully most of the stuff I run into are things that, after wasting insane amounts of time on, I can fix myself (I'm sure you're happy to know your tax money goes towards me having to duplicate work already done by hundreds to thousands of other administrators around the world) or I can just live without. In the OpenSSH case, I don't *need* gssapi-with-mic, it just simplifies a lot of what I do, especially when I have long ssh->ssh->ssh chains going through several firewalls. > > -- > fedora-devel-list mailing list > fedora-devel-list@xxxxxxxxxx > http://www.redhat.com/mailman/listinfo/fedora-devel-list -- Sean Middleditch <elanthis@xxxxxxxxxxxxxxx> AwesomePlay Productions, Inc.
