svn commit: r303716 - head/crypto/openssh

Andrey Chernov ache at freebsd.org
Sun Aug 7 14:57:41 UTC 2016


On 07.08.2016 17:40, Warner Losh wrote:
> 
>> On Aug 7, 2016, at 7:21 AM, Andrey Chernov <ache at freebsd.org> wrote:
>>>
>>>> We can't turn our security
>>>> team into compatibility team, by constantly restoring removed code, such
>>>> code quickly becomes outdated and may add new security holes even being
>>>> inactive.
>>>
>>> What is the security hole in having these ciphers present in the _client_?
>>
>> It is obvious, but it will be better for you to ask the openssh author about
>> his decisions, I have no intention to act as the explainer of his actions.
> 
> That’s a cop-out answer. We, as a project, need to articulate to our
> users, whom we care about, why this rather obnoxious hit to usability
> was taken. The answer must be more complete than “We just disabled
> it because upstream disabled it for reasons we’re too lazy to explain
> or document how to work around"

Maybe I am too lazy, but in this particular case I prefer an explanation
from the author rather than my own explanations. In general my guessing
of the author's intentions related to the compatibility case may not be correct
enough, so I don't want anybody to rely on it. I.e. I don't want to
mislead anybody.


