magik at roorback.net
Thu Mar 15 07:17:46 UTC 2012
On 03/14/2012 09:01 PM, Cy Schubert wrote:
> In message <4F60EF46.2040405 at acsalaska.net>, Mel Flynn writes:
>> Hello Cy,
>> On 3/14/2012 08:57, Cy Schubert wrote:
>>> What I propose to do is remove the GSSAPI
>>> patch from security/openssh-portable and for those who need the GSSAPI
>>> server key exchange, create a new port (through a repocopy of course) which
>>> includes the illinois.edu GSI patch with reworked FreeBSD patches resolving
>>> patch conflicts, calling it security/openssh-portable-gsi. Does this make
>>> any sense to anyone?
>>> Or, instead of the above, just include the GSI patch by default in a
>>> one-size-fits-all openssh-portable port? (Meaning that the GSI patch is
>>> applied regardless.) Does this make more sense to people?
>> Personally, I use HPN and LPK. If KRB5 becomes a requirement for HPN, I
>> don't find that an issue, but others may.
> Given that the current LPK patch is unmaintained by our upstream, I think
> it should be removed and we either move toward a one size fits all port or
> have a second port with the one-size-fits-all GSI patch. Basically the
> current hodgepodge of patches in this port is unmaintainable, which is why
> this port is usually slow to be updated.
> We can address the KRB5 requirement with ifdefs.
> I'm leaning toward gutting a one-size-fits-all approach with patches that
> are maintainable. Secondly, if there are requirements for an insecure
> backlevel port, we could repocopy it. I'm not entirely enamoured with that
> idea, caveat emptor of course.
>> I'm also keeping a local fix you might want to properly integrate into
>> the LPK patch: it fixes a bug that TLS cannot be turned off if
>> LPKLdapConf is used.
> If I go ahead and have the port repocopied and move forward with this, I'll
> see if I can include this patch.
> I'll give it another day before making the repocopy request. The current
> port should be repocopied to openssh-portable58 and the new port assume the
> openssh-portable name.
> I've yet to hear from the maintainer of this port for his thoughts on this.
I (maintainer of security/openssh-portable) need one or two days to
review the GSI patch and other patches which are available for openssh-5.9.
But repocopying security/openssh-portable to security/openssh-portable58
and upgrading security/openssh-portable to 5.9 sounds reasonable.