Re: security vs. potato?

To: debian-user@lists.debian.org
Subject: Re: security vs. potato?
From: Alexander Steinert <stony8@gmx.de>
Date: Fri, 1 Mar 2002 12:29:00 +0100
Message-id: <[🔎] 20020301122900.B443@tyche.svt.tu-harburg.de>
Mail-followup-to: Alexander Steinert <stony8@gmx.de>, debian-user@lists.debian.org
In-reply-to: <20020227070356.C1376@serensoft.com>; from will@serensoft.com on Wed, Feb 27, 2002 at 07:03:56AM -0600
References: <20020227070356.C1376@serensoft.com>

> according to packages.debian.org/ssh2 there is no ssh2 package
> available for potato/stable.
> 
> i suppose this is a conundrum for the developers -- normally
> security fixes are beamed back to potato in a hurry, but ssh
> (version 1) has security troubles, and to fix them would
> introduce a new package (ssh2) which is against 'stable'
> policy...
> 
> what's the fix for a potato production server? can ssh2 be had
> from nonstandard apt sources for potato?

If you want to avoid protocol version 1, you can get and build the
openss[lh] sources from testing and install the binaries. It worked for
me on Oct. 20th:
# dpkg -i /usr/local/src/DEB-SRC/openssl/openssl_0.9.6b-2_i386.deb
# dpkg -i /usr/local/src/DEB-SRC/openssl/libssl0.9.6_0.9.6b-2_i386.deb
# dpkg -i /usr/local/src/DEB-SRC/openssl/libssl-dev_0.9.6b-2_i386.deb
# dpkg -i /usr/local/src/DEB-SRC/openssh/ssh_2.9p2-6_i386.deb

HTH

Stony

Reply to:

Prev by Date: Re: Flash Player doesn't work.
Next by Date: Re: No KDE for me
Previous by thread: Re: FQDN foobar
Next by thread: web-based email for debian?
Index(es):
- Date
- Thread