dropping ssh-nonfree
I'm really not convinced there's any good reason to keep ssh-nonfree
around much longer:
* For a while, its only significant advantage over OpenSSH -- at least
IMO -- was krb5 support, but OpenSSH (in the form of the ssh-krb5
package) now handles that as well.
* Nobody has stepped up to maintain the package since I orphaned it 11
weeks ago, indicating that other developers aren't especially
interested in it either. (The reason I'm still listed as its
maintainer is actually also one of my major reasons for orphaning
the package in the first place: buggy US crypto regulations keep me
from directly uploading ssh-nonfree binaries built against MIT
Kerberos.)
* People keep on finding security holes that we need to plug.
The only question is when to drop it: before releasing woody would
probably be best, but then we'll have to implement a smooth transition
relatively quickly.
Then again, we could probably arrange for a decent transition by
creating a dummy "ssh-nonfree 2" package that simply depended on ssh
and versioning ssh's conflict with ssh-nonfree. Likewise for
ssh-askpass-nonfree; ssh-socks, meanwhile, could become an OpenSSH
binary package directly. We'd still have to deal with properly
preserving configuration, though.
Thoughts?
--
Aaron M. Ucko, KB1CJC (amu at alum.mit.edu, ucko at debian.org)
Finger amu@monk.mit.edu for more info.
Reply to: