I would prefer that: * commercial vendors patched the software they sold * people who purchased from these vendors to take responsibility for their actions and apply pressure on the commercial vendors rather than the free software developers who provide the client software, for free. and I'm not sure what your bugaboo is about a fractured user base; at any given time there are probably hundreds of different versions of openssh being distributed due to different os's, distros, etc. by the way, do you not see that every one of your arguments about the openssh client can be applied, almost verbatim, to the vendor supplied sshd? with the obvious exception that one is supplied by a commercial vendor. bye On Sun, Dec 31, 2017 at 8:04 PM, David Newall <openssh@xxxxxxxxxxxxxxx> wrote: > On 31/12/17 16:44, Peter Moody wrote: > > On Sat, Dec 30, 2017 at 9:47 PM, David Newall <openssh@xxxxxxxxxxxxxxx> > wrote: > > Of course it's the client's fault. The client worked, was changed, and thus > stopped working. > > don't upgrade your client. problem solved. you're at fault for not > pinning your dependencies when you have hard dependencies. > > Really? A fractured user-base: that's what you want? And you want to blame > the victims? People who don't discover that newer versions of openssh don't > work for equipment which they rarely need to access are at fault for > believing that what was promised would never be taken away? Just leave them > a little time bomb. Nice. Very nice. _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev