[snip] > No. I don't want to do it because I lose any security updates from any > vendor. I would become the package vendor, and as a result, I'd become > responsible for packaging security updates. My point was that there are > people who package newer versions of OpenSSH *and* provide security > updates, but I haven't been able to use any of those packages on RHEL > 2.1. Uhm, updating OpenSSH doesn't mean you lose *all* updates from *any* vendor. it means you roll your own OpenSSH. If you like, I'll write you a script that will check for the latest update from fedora core 3, rebuild it on your box, and drop it in a directory for you to inspect/install. > It's goofy. It's a waste of effort. Someone *already* packages new > versions of OpenSSH, why should someone else have to *repackage* the > exact same binary just to get a different set of RPM headers? How does > that make sense? It's not really *goofy* RHEL 2.1 is not the same as RHEL 3.0, you don't expect software built against Windows XP to flawlessly work with windows 98. At least with OpenSource, you have the ability to rebuild for your distro. Glibc changes, K5 changes, all kinds of things that OpenSSH depends on change. > > versions of Openssh for RHEL 2.1, or any other distro you decide to use. > > I would be thrilled to add RHEL to the list of distros I support in my > > repository. It will cost you $50 dollars a month per package you want me > > to track and maintain. > > If the OpenSSH issue were really that important, I wouldn't have many > other choices, would I? Thankfully most of the stuff I run into are > things that, after wasting insane amounts of time on, I can fix myself > (I'm sure you're happy to know your tax money goes towards me having to > duplicate work already done by hundreds to thousands of other > administrators around the world) or I can just live without. In the > OpenSSH case, I don't *need* gssapi-with-mic, it just simplifies a lot > of what I do, especially when I have long ssh->ssh->ssh chains going > through several firewalls. Well, if your email address is indicative of where you work, you shouldn't be getting *any* of my tax money period. And you probably shouldn't get any of it anyway. But if my tax money does go to you doing work, then I have a right to expect to benefit from it. So you need to post and share all the work you have done. -- Public Key available Here: http://www.bravegnuworld.com/~rjune/pubkey.asc
Attachment:
pgp45vP3110EW.pgp
Description: PGP signature