Bug#675080: openssh: Possible switch to libbsd?

To: Guillem Jover <guillem@debian.org>, 675080@bugs.debian.org
Subject: Bug#675080: openssh: Possible switch to libbsd?
From: Colin Watson <cjwatson@debian.org>
Date: Tue, 29 May 2012 23:23:04 +0100
Message-id: <[🔎] 20120529222304.GA3430@riva.dynamic.greenend.org.uk>
Reply-to: Colin Watson <cjwatson@debian.org>, 675080@bugs.debian.org
In-reply-to: <[🔎] 20120529190056.GA24075@gaara.hadrons.org>
References: <[🔎] 20120529190056.GA24075@gaara.hadrons.org>

On Tue, May 29, 2012 at 09:00:56PM +0200, Guillem Jover wrote:
> OpenSSH contains an embedded BSD compat layer under openbsd-compat/,
> most of the stuff used by OpenSSH on GNU systems is now provided by
> libbsd (I've been adding stuff after checking users like OpenSSH).
> 
> Before starting to work on a patch, which should mostly involve the
> build system, I was wondering if you'd be interested in it, given
> possible security implications?

Making that stuff diverge from OpenSSH upstream scares me, quite
honestly.  What if they make a security-critical change in
openbsd-compat/ that you don't notice and sync into libbsd in time?

If you're going to do this, I think you should send it upstream as an
option that *they* explicitly support, and that way they've bought into
the notion that whatever they do needs to be in libbsd too.

Cheers,

-- 
Colin Watson                                       [cjwatson@debian.org]

Reply to:

References:
- Bug#675080: openssh: Possible switch to libbsd?
  - From: Guillem Jover <guillem@debian.org>

Prev by Date: Bug#675080: openssh: Possible switch to libbsd?
Next by Date: Bug#675205: openssh-client: openssh 1:6.0 should depend on libssl1.0.0 >= 1.0.1
Previous by thread: Bug#675080: openssh: Possible switch to libbsd?
Next by thread: Bug#675205: openssh-client: openssh 1:6.0 should depend on libssl1.0.0 >= 1.0.1
Index(es):
- Date
- Thread