Cy Schubert Cy.Schubert at
Wed Mar 14 20:01:49 UTC 2012

In message <4F60EF46.2040405 at>, Mel Flynn writes:
> Hello Cy,
> On 3/14/2012 08:57, Cy Schubert wrote:
> [snip]
> > What I propose to do is remove the GSSAPI
> > patch from security/openssh-portable and for those who need the GSSAPI 
> > server key exchange, create a new port (through a repocopy of course) which
> > includes the GSI patch with reworked FreeBSD patches resolving
> > patch conflicts, calling it security/openssh-portable-gsi. Does this make 
> > any sense to anyone?
> > 
> > Or, instead of the above, just include the GSI patch by default in a 
> > one-size-fits-all openssh-portable port? (Meaning that the GSI patch is 
> > applied regardless.) Does this make more sense to people?
> Personally, I use HPN and LPK. If KRB5 becomes a requirement for HPN, I
> don't find that an issue, but others may.

Given that the current LPK patch is unmaintained by our upstream, I think 
it should be removed and we either move toward a one size fits all port or 
have a second port with the one-size-fits-all GSI patch. Basically the 
current hodgepodge of patches in this port are unmaintainable, which is why 
this port is usually slow to be updated.

We can address the KRB5 requirement with an ifdefs.

I'm leaning toward gutting a one-size-fits-all approach with patches that 
are maintainable. Secondly, if there are requirements for an insecure 
backlevel port, we could repocopy it. I'm not entirely enamoured with that 
idea, caveat emptor of course.

> I'm also keeping a local fix you might want to properly integrate into
> the LPK patch: it fixes a bug that TLS cannot be turned off if
> LPKLdapConf is used.

If I go ahead and have the port repocopied and move forward with this, I'll 
see if I can include this patch.

I'll give it another day before making the repocopy request. The current 
port should be repocopied to openssh-portable58 and the new port assume the 
openssh-portable name.

I've yet to hear from the maintainer of this port for his thoughts on this.

Cy Schubert <Cy.Schubert at>
FreeBSD UNIX:  <cy at>   Web:

More information about the freebsd-ports mailing list