Package: openssh-client
Version: 1:3.8p1-2
Severity: wishlist

http://bugs.debian.org/237021 introduced a configuration change that set ForwardX11Trusted to "yes" by default on Debian systems, where upstream (and other distros that follow upstream) set ForwardX11Trusted by default to "no".

ForwardX11Trusted is a security risk -- it allows capture of arbitrary content from your local X session by your remote ssh operation.

I understand why 237021 was resolved the way it was -- this change took some people by surprise, and it wasn't widely expected elsewhere.

Today, the story is different -- upstream has had the default to "no" for over a decade now. People who want to trust their remote systems can set ForwardX11Trusted to "yes" manually. We're also at a point in the release cycle where this change can be made and give programmatic users of openssh an opportunity to make any adjustments they need to.

Debian should no longer diverge in this insecure way from upstream's defaults.

Thanks for maintaining OpenSSH in Debian!

Regards,

--dkg
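An added example, not part of the original report: a small audit that reads the client's effective configuration with `ssh -G` and reports, per host, whether X11 forwarding is off, restricted (untrusted), or fully trusted. It assumes an OpenSSH client that supports `ssh -G`; the function names and the sample host are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the bug report): audit the effective
# ForwardX11 / ForwardX11Trusted values the ssh client would use.

# Classify `ssh -G <host>` output read from stdin.
# Prints: disabled | untrusted | trusted | error
x11_posture() {
    awk '
        $1 == "forwardx11"        { fwd = $2 }
        $1 == "forwardx11trusted" { trusted = $2 }
        END {
            if (NR == 0)               print "error"     # ssh gave no output
            else if (fwd != "yes")     print "disabled"  # no X11 forwarding
            else if (trusted == "yes") print "trusted"   # remote gets full X access
            else                       print "untrusted" # X SECURITY restrictions apply
        }'
}

# Check each host named on the command line against the local config
# (system-wide and per-user files, with distribution defaults applied).
# Returns non-zero if any host ends up with trusted forwarding enabled.
audit_hosts() {
    rc=0
    for host in "$@"; do
        posture=$(ssh -G "$host" 2>/dev/null | x11_posture)
        printf '%s\t%s\n' "$host" "$posture"
        if [ "$posture" = "trusted" ]; then
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: the two relevant lines as `ssh -G` prints them when
# forwarding is requested and the trusted default is "yes".
sample_trusted_default() {
    printf 'hostname host.example.invalid\nforwardx11 yes\nforwardx11trusted yes\n'
}

if [ "$#" -gt 0 ]; then
    audit_hosts "$@"
fi
```

A host reported as `trusted` can be pinned back to the upstream behaviour with `ForwardX11Trusted no` in a matching `Host` block of `ssh_config`.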