Cy.Schubert at komquats.com
Wed Mar 14 20:01:49 UTC 2012
In message <4F60EF46.2040405 at acsalaska.net>, Mel Flynn writes:
> Hello Cy,
> On 3/14/2012 08:57, Cy Schubert wrote:
> > What I propose to do is remove the GSSAPI
> > patch from security/openssh-portable and for those who need the GSSAPI
> > server key exchange, create a new port (through a repocopy of course) which
> > includes the illinois.edu GSI patch with reworked FreeBSD patches resolving
> > patch conflicts, calling it security/openssh-portable-gsi. Does this make
> > any sense to anyone?
> > Or, instead of the above, just include the GSI patch by default in a
> > one-size-fits-all openssh-portable port? (Meaning that the GSI patch is
> > applied regardless.) Does this make more sense to people?
> Personally, I use HPN and LPK. If KRB5 becomes a requirement for HPN, I
> don't find that an issue, but others may.
Given that the current LPK patch is unmaintained by our upstream, I think
it should be removed and we either move toward a one-size-fits-all port or
have a second port with the one-size-fits-all GSI patch. Basically the
current hodgepodge of patches in this port is unmaintainable, which is why
this port is usually slow to be updated.
We can address the KRB5 requirement with ifdefs.
I'm leaning toward gutting a one-size-fits-all approach with patches that
are maintainable. Secondly, if there are requirements for an insecure
backlevel port, we could repocopy it. I'm not entirely enamoured with that
idea, caveat emptor of course.
> I'm also keeping a local fix you might want to properly integrate into
> the LPK patch: it fixes a bug that TLS cannot be turned off if
> LPKLdapConf is used.
If I go ahead and have the port repocopied and move forward with this, I'll
see if I can include this patch.
I'll give it another day before making the repocopy request. The current
port should be repocopied to openssh-portable58 and the new port assume the
I've yet to hear from the maintainer of this port for his thoughts on this.
Cy Schubert <Cy.Schubert at komquats.com>
FreeBSD UNIX: <cy at FreeBSD.org> Web: http://www.FreeBSD.org