Fabian Stelzer <fs@xxxxxxxxxxxx> writes:

> It is not so much an incompatibility but a hard bug in ssh-keygen of my
> own making :/
> There is nothing we can do on the git side to fix this since the
> find-principal call will always segfault no matter what.

So... we cannot do anything until a corrected OpenSSH is made
available, but once we can link with a corrected one, do we need to
do anything further on the patches in your topic?

I am guessing that the ideal endgame would be that we can merge what
we have down to 'master' and ship it in a release with a note that
says "OpenSSH 8.7 is broken---do not use the ssh signing feature if
you cannot update to OpenSSH X.Y (or stay at 8.6)", and that is why
I haven't kicked the topic out of 'next' and kept it there.

> I will continue writing some tests for the verify-time/key validity
> feature. The tests will need some version/feature detection from
> ssh-keygen as well so maybe I will still stumble on something that
> allows us to detect and warn on this.

Thanks.