On Wed, 2004-12-08 at 11:57 -0500, Richard June wrote: > [snip] > > No. I don't want to do it because I lose any security updates from any > > vendor. I would become the package vendor, and as a result, I'd become > > responsible for packaging security updates. My point was that there are > > people who package newer versions of OpenSSH *and* provide security > > updates, but I haven't been able to use any of those packages on RHEL > > 2.1. > Uhm, updating OpenSSH doesn't mean you lose *all* updates from *any* vendor. Sorry, I meant to say that I lose any updates available from any of the OpenSSH vendors, of which there are several I could choose from. > > It's goofy. It's a waste of effort. Someone *already* packages new > > versions of OpenSSH, why should someone else have to *repackage* the > > exact same binary just to get a different set of RPM headers? How does > > that make sense? > It's not really *goofy* RHEL 2.1 is not the same as RHEL 3.0, you don't > expect software built against Windows XP to flawlessly work with windows 98. Yes, actually, I do. And I'm rarely disappointed. I really can't remember the last major conflict I've seen with a Windows app that wasn't fixable with minor configuration tweaks... we have a couple proprietary apps here for tax management that aren't even developed anymore, were originally installed on Win98 machines, and which still run fine after upgrading to WinXP and then SP2. Most commercial games are developed on 2000 or XP and yet still support 98. Windows does not generally break compatibility and does not generally have magic compilations environments where the exact same source can end up with wildly different binary requirements and interfaces depending on where and when it was compiled. I don't expect Linux to be at that level of interface stability at this moment, but I do expect to at least be slowly moving towards it, eventually. Which is what this whole thread is about. Things that can be improved that have absolutely no negative impact on how Linux works now for any users while potentially improving things for other users. Better packaging isn't going to hurt anyone, but it will help. I haven't yet seen so much as a single argument against my original suggestion - not one. > > If the OpenSSH issue were really that important, I wouldn't have many > > other choices, would I? Thankfully most of the stuff I run into are > > things that, after wasting insane amounts of time on, I can fix myself > > (I'm sure you're happy to know your tax money goes towards me having to > > duplicate work already done by hundreds to thousands of other > > administrators around the world) or I can just live without. In the > > OpenSSH case, I don't *need* gssapi-with-mic, it just simplifies a lot > > of what I do, especially when I have long ssh->ssh->ssh chains going > > through several firewalls. > Well, if your email address is indicative of where you work, you shouldn't be > getting *any* of my tax money period. And you probably shouldn't get any of No, the mail address I use for mailing lists is my personal address. Keeps things simpler. ^_^ > it anyway. But if my tax money does go to you doing work, then I have a right > to expect to benefit from it. So you need to post and share all the work you > have done. Despite common belief, computers do a lot of work besides just generate software. ~_^ My work benefits our residents. Some of it directly, some indirectly by improving productivity in our offices. We also do release any patches we write back upstream - most of the GNOME and Debian stuff I've done, for example. Definitely one of the advantages of working here, even with the crappy pay. ;-) -- Sean Middleditch <elanthis@xxxxxxxxxxxxxxx> AwesomePlay Productions, Inc.
