Re: ssh2 and non-stable

[Heather <star@starshine.org>]

> On Wed, 21 Feb 2001, brew@theMode.com wrote:
> > Is it safe to run the non-stable software package ssh2? 
> 
> Within the bounds of common sense, yes. I do.
> 
> > Can I safely use apt-get to install it on my Dell laptop? 
> Yes. Be aware that it will probably bring in a new libc and a few other
> bits...
 
It's been my experience that once you let it change libc you're basically
tracking the next one up.  Safer perhaps to 

	apt-get source ssh

...and only point your deb-src list at unstable; you get mapped against 
the local libraries.

> > I guess my question is really - does non-stable mean it is unsafe, or
> > just not garanteed to be safe. 
> 
> No assurance. In the last couple of years, unstable has been, well,
> unstable on me around three times for a period of around two weeks each.
> 
> Day to day, I don't hardly notice. :)

testing is -trying- to be stable, unstable really is testing the bleeding
edge.  With the attendant chance of running into it and needing a bandage.  

If you want to track unstable "a little bit" then I *deeply* recommend 
keeping your apt-cache directory pointed into a really large disk space so 
it doesn't flush older packages much  ... or using an apt-proxy via a 
disk-laden desktop on your network doing the same ... so you can reach 
back for the mini-rev of the .deb file that *worked* when something goes 
kerblooey.

> > Will an apt-get installation still check for conflicts and
> > dependencies?
> 
> Yes. Identically. :)

But not bugs :/ that's our job!
 
> > And what do I put in my sources.list to get it? I tried adding a
> > source suggested on Usenet, but apt-get still could not locate and
> > install ssh2.
> 
> deb http://http.us.debian.org/debian unstable main contrib non-free
> deb http://non-us.debian.org unstable/non-US main contrib non-free
> 
> The second is probably the more important line.

When sticking to stable, it's important to add
deb http://security.debian.org/ potato/updates main contrib non-free

...so you get packages that cover any security advisories debian had to
nail. 

You can track unstable sources without tweaking your binary deb lines:
deb-src http://http.us.debian.org/debian unstable main contrib non-free
deb-src http://non-us.debian.org/debian-non-US unstable/non-US main contrib non-free

This is the part where library dependencies can get you instead, and apt won't
help as much.

> > I've successfully installed and am running ssh, but one of the servers
> > I connect with requires Protocol 2.
> 
> Are you *sure* there isn't an OpenSSH client available for stable? I
> don't use it, so can't check, but thought that there was.
> 
> OpenSSH does support SSH2, although I had some troubles with it. Try
> that before committing to unstable, I suggest.

The package named 'ssh' states boldly in its description that it is 
OpenSSH and supports both SSH1 and SSH2.  And I have been using it without
hindrance or care about which one the servers I'm touching were running.

ssh -V should tell you what version you've got, but there are lots of
commandline options.  What message do you get back when you try to connect
to these SSH2 servers? 

> > Thanks.... not only for any help with this but for all the help I've
> > gotten reading this list since I started running Debian in August. I'm
> > slowly learning little by little thanks to you guys! 
> 
> When I was still learning, people helped me. Now I repay that debt. In a
> couple of years, you will do the same. So it goes. :)
> 
>         Daniel

:>


* Heather Stern * star@ many places...