Re: [PATCH v7 0/9] ssh signing: Add commit & tag signing/verification via SSH keys using ssh-keygen


 



On 10.09.21 20:44, Junio C Hamano wrote:

> Fabian Stelzer <fs@xxxxxxxxxxxx> writes:
>
>> It is not so much an incompatibility but a hard bug in ssh-keygen of my
>> own making :/
>> There is nothing we can do on the git side to fix this since the
>> find-principal call will always segfault no matter what.
> So... we cannot do anything until a corrected OpenSSH is made
> available, but once we can link with a corrected one, do we need to
> do anything further on the patches in your topic?


OpenSSH will probably release a new version in October.
I will send a new diff of my patch in a bit, after the CI runs are
through, fixing a bug with some buffers that could sometimes lead to
memory corruption (I was releasing a buffer while still iterating over
its contents), a small test fix and a minor improvement using
git_config_pathname instead of string.
Besides that I think it's good.

For the key lifetime changes that require OpenSSH 8.7 I will send a new
patchset afterwards.

>
> I am guessing that the ideal endgame would be that we can merge what
> we have down to 'master' and ship it in a release with a note that
> says "OpenSSH 8.7 is broken---do not use the ssh signing feature if
> you cannot update to OpenSSH X.Y (or stay at 8.6)", and that is why
> I haven't kicked the topic out of 'next' and kept it there.

Sounds good to me.
Thanks



