svn commit: r303716 - head/crypto/openssh
Warner Losh
wlosh at bsdimp.com
Sun Aug 7 14:40:18 UTC 2016
> On Aug 7, 2016, at 7:21 AM, Andrey Chernov <ache at freebsd.org> wrote:
>>
>>> We can't turn our security
>>> team into compatibility team, by constantly restoring removed code, such
>>> code quickly becomes outdated and may add new security holes even being
>>> inactive.
>>
>> What is security hole by present this ciphers in _client_?
>
> It is obvious, but it will be better for you to ask openssh author about
> his decisions, I have no intention to act like explainer of his action.
That’s a cop-out answer. We, as a project, need to articulate to our
users, whom we care about, why this rather obnoxious hit to usability
was taken. The answer must be more complete than “We just disabled
it because upstream disabled it for reasons we’re too lazy to explain
or document how to work around"
Warner
More information about the svn-src-head
mailing list