Re: FYI: SSH1 now disabled at compile-time by default

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On Wed, 2015-03-25 at 18:48 +1100, Damien Miller wrote: 
> Our ability to influence people who run truly obsolete software is
> extremely limited.
+1, mostly because those who still use something that outdated in their
products are either dead, or simply don't care about their customer's
security (which is typical in the embedded devices area).
Just by us (or anyone else) saying anything, that won't change.

> The best we can do is deprecate as noisily as
> possible after extremely generous grace period. This is what we are
> doing
I think just deprecating is what has been done years ago - everyone can
by now truly know that SSH1 should not have been used since a long time.

I'd even support if you really remove the v1 related code from the
codebase. Just deactivating it per default and affected people will
simply enable it again, without bothering to do their homework.
And even if 6.9 would really lack v1 support, people could still just
use anything <6.9  for v1 - they won't be less secure.


:)

Chris.

Attachment: smime.p7s
Description: S/MIME cryptographic signature

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux