> as a thought experiment, imagine asking the chrome devs to keep supporting ssl v3 because some commercial appliance you run hasn't been updated in a decade. >From what I recall that was an issue. I can tell you that there will always be people who have antiquated legacy equipment they cannot update that will support antiquated legacy protocols. One insight that I have however is that the people who have those pieces of legacy equipment are more likely to be large companies than private individuals. I will also note that there are great benefits to removing legacy code - they were often written during more un-enlightened times and may have their own cruft that makes the overall system harder to maintain. Less technical debt is also likely to lead to better code when you can focus on the amount remaining. After all, is there nothing more sublime then deleting code to improve your deliverable? I'd humbly suggest that if people really want to have an official "legacy OpenSSH" they should pay Damien to maintain it. Going back to my above point, most end users who need ssh-dss are big companies with locked in hardware that cannot be updated. They should be able to spare some dollars to support connecting to their equipment. I'm sure that whatever is worked out will be less than hiring consultants to come up with a solution to maintain a legacy binary. Cheers, Ethan On Mon, Aug 30, 2021 at 8:51 AM Peter Moody <mindrot@xxxxxxxx> wrote: > > That will take effort and I bet leaving them in the code will take none. > > neither you nor I are maintainers of openssh, but with unit tests and > configure options, this strikes me as a weird assumption to make. > > look, this comes up every time openssh removes support for some > horribly broken crypto. "you're making my devices inaccessible, how > could you!?" and the answer is always the same, > > 1. you're free to maintain a copy of the ssh client that supports > your old devices. > 2. you should be complaining to your hardware vendor, to whom you > pay/paid actual money. > > as a thought experiment, imagine asking the chrome devs to keep > supporting ssl v3 because some commercial appliance you run hasn't > been updated in a decade. > > /rant > _______________________________________________ > openssh-unix-dev mailing list > openssh-unix-dev@xxxxxxxxxxx > https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev > _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev