--- Begin Message ---
- To: submit@bugs.debian.org
- Subject: openssh: Possible switch to libbsd?
- From: Guillem Jover <guillem@debian.org>
- Date: Tue, 29 May 2012 21:00:56 +0200
- Message-id: <20120529190056.GA24075@gaara.hadrons.org>
Source: openssh
Source-Version: 1:6.0p1-1
Severity: wishlist

Hi!

OpenSSH contains an embedded BSD compat layer under openbsd-compat/,
most of the stuff used by OpenSSH on GNU systems is now provided by
libbsd (I've been adding stuff after checking users like OpenSSH).

Before starting to work on a patch, which should mostly involve the
build system, I was wondering if you'd be interested in it, given
possible security implications? Regarding new dependencies, I don't
think that'd be a problem as openssh-client uses libedit which in
turn uses libbsd already.

After a quick look on the latest version I can see that at least the
following could be switched over to libbsd:

  bsd-arc4random.c bsd-closefrom.c bsd-getpeereid.c readpassphrase.c
  strlcat.c strlcpy.c getopt.c vis.c strmode.c strtonum.c sys-queue.h
  sys-tree.h

And I'm always interested in adding new BSD compat stuff to libbsd,
in case it's missing there.

thanks,
guillem
--- End Message ---
--- Begin Message ---
- To: 675080-close@bugs.debian.org
- Subject: Re: Bug#675080: openssh: Possible switch to libbsd?
- From: Colin Watson <cjwatson@debian.org>
- Date: Sun, 2 Apr 2017 02:20:37 +0100
- Message-id: <20170402012037.GA7613@riva.ucam.org>
- In-reply-to: <20120529222304.GA3430@riva.dynamic.greenend.org.uk>
- References: <20120529190056.GA24075@gaara.hadrons.org> <20120529222304.GA3430@riva.dynamic.greenend.org.uk>
Control: tag -1 wontfix

On Tue, May 29, 2012 at 11:23:04PM +0100, Colin Watson wrote:
> On Tue, May 29, 2012 at 09:00:56PM +0200, Guillem Jover wrote:
> > OpenSSH contains an embedded BSD compat layer under openbsd-compat/,
> > most of the stuff used by OpenSSH on GNU systems is now provided by
> > libbsd (I've been adding stuff after checking users like OpenSSH).
> >
> > Before starting to work on a patch, which should mostly involve the
> > build system, I was wondering if you'd be interested in it, given
> > possible security implications?
>
> Making that stuff diverge from OpenSSH upstream scares me, quite
> honestly. What if they make a security-critical change in
> openbsd-compat/ that you don't notice and sync into libbsd in time?
>
> If you're going to do this, I think you should send it upstream as an
> option that *they* explicitly support, and that way they've bought into
> the notion that whatever they do needs to be in libbsd too.

For this reason, I don't intend to accept any change along those lines
as a Debian patch. If it's needed, it needs to go upstream first, and
in that case I'll certainly switch on the necessary build-dependencies
and such - but to be honest I think a lot of that code is tightly-enough
integrated with OpenSSH that upstream would be justified in saying that
they'd rather keep tight control of it.

Thanks,

--
Colin Watson [cjwatson@debian.org]
--- End Message ---