Re: security vs. potato?

> according to packages.debian.org/ssh2 there is no ssh2 package
> available for potato/stable.
> i suppose this is a conundrum for the developers -- normally
> security fixes are beamed back to potato in a hurry, but ssh
> (version 1) has security troubles, and to fix them would
> introduce a new package (ssh2) which is against 'stable'
> policy...
> what's the fix for a potato production server? can ssh2 be had
> from nonstandard apt sources for potato?

If you want to avoid protocol version 1, you can get and build the
openss[lh] sources from testing and install the binaries. It worked for
me on Oct. 20th:
# dpkg -i /usr/local/src/DEB-SRC/openssl/openssl_0.9.6b-2_i386.deb
# dpkg -i /usr/local/src/DEB-SRC/openssl/libssl0.9.6_0.9.6b-2_i386.deb
# dpkg -i /usr/local/src/DEB-SRC/openssl/libssl-dev_0.9.6b-2_i386.deb
# dpkg -i /usr/local/src/DEB-SRC/openssh/ssh_2.9p2-6_i386.deb
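
Installing the newer ssh package does not by itself turn protocol version 1 off, so the following check (an added example, not part of the original post) reports what an sshd_config file says about it. It assumes sshd honours the first `Protocol` line it reads and that a config with no `Protocol` line falls back to a default that may still include version 1; the function name and the status strings are hypothetical.

```shell
#!/bin/sh
# Added example: report whether an sshd_config still permits SSH protocol 1.
# Assumptions: the first "Protocol" line wins, and a config without one
# falls back to a built-in default that may include version 1.

# Print "v2-only", "v1-enabled" or "unset" for the config file given as $1.
ssh_protocol_status() {
    awk '
        /^[ \t]*#/ { next }                       # skip comment lines
        tolower($1) == "protocol" && NF >= 2 {    # keyword is case-insensitive
            value = $2
            for (i = 3; i <= NF; i++) value = value $i   # join "2, 1" to "2,1"
            n = split(value, versions, ",")
            result = "v2-only"
            for (i = 1; i <= n; i++)
                if (versions[i] != "2") result = "v1-enabled"
            print result
            found = 1
            exit                                  # first Protocol line decides
        }
        END { if (!found) print "unset" }
    ' "$1"
}

# Constructed sample config (not taken from the original post).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sshd_config fragment
Port 22
Protocol 2,1
EOF
echo "sample config: $(ssh_protocol_status "$sample")"
rm -f "$sample"
```

Anything other than a lone `2` in the value is reported as `v1-enabled`, so an unexpected token errs on the side of a warning.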



