On Friday, 11 October 2002 at 05.56, Han Boetes wrote:
> Oden Eriksson ([EMAIL PROTECTED]) wrote:
> > On Thursday, 10 October 2002 at 18.47, Vincent Danen wrote:
> > > On Wednesday, October 9, 2002, at 08:04 PM, Oden Eriksson wrote:
> > >
> > > [...]
> > >
> > > > > The point is I don't like to do this. It's fine to patch things
> > > > > for fixes, proper language translations, etc. But adding
> > > > > features like this causes other problems... it will bring a lot
> > > > > of bad publicity for MandrakeSoft because of Theo; he's made
> > > > > many threats in the past and he's neurotic enough to follow
> > > > > through. For instance, if we do something Theo really doesn't
> > > > > like, or that Markus doesn't like, any questions regarding
> > > > > openssh that even faintly mention Mandrake somewhere in the
> > > > > equation, will get blasted by the openssh developers, and
> > > > > they'll be referred here with none too kind words.
> > > > >
> > > > > I'd rather avoid that sort of thing.
> > > >
> > > > Ahh, I didn't think that far, are they really such a*holes? May I
> > > > ask what those threats were?
> > >
> > > Let's call them protective. And the threats were basically bad
> > > publicity amongst many other Linux/BSD vendors and communities, big
> > > anti-MandrakeSoft sentiments on the openssh website, that sort of
> > > thing. I don't recall the particulars, but it was enough for me to
> > > remove the offending patches.
> >
> > Hmm..., that sounds just plain childish to me. My goodness...
>
> The explanation isn't really good.
>
> Theo and Co make OpenSSH. They do their very best to make it work on all
> platforms even though other people give them a hard time because of all
> different kinds of versions of pam.
>
> And as long as everybody uses an unpatched version of OpenSSH they can
> tell from the bug reports what is going on by looking at their own
> source code. They want to do that. They feel responsible for the product
> and they have a name to keep.
>
> Now somebody sees a nice looking patch and it is a perfectly written
> patch. They will get questions about the features in it. For something
> they never wrote.
>
> What if it contains a bug? They get the questions. And not from one or
> two people. No thousands.
>
> What if it contains an exploit... go figure what will happen to them.
> And they really really didn't even do it.

Like the last one, he he...

> And ssh isn't just another app. If it gets broken into you can severely
> damage a whole distro. I mean patch a kernel... who cares. That's your
> problem. You can patch nearly anything but it won't damage the product
> kernel. But this is not the case for OpenSSH. If you manage to break it
> you damage the whole concept of OpenSSH, not only on your own distro, no
> on all platforms.
>
> So I can imagine Theo and Co being very much against custom added
> patches.
>
> I'd suggest being very careful with OpenSSH not to apply any custom
> patches other than things that make the build go right. I'd even suggest
> honoring his opinion about pam just to make sure OpenSSH is secure and
> stays that way.

Wow! Now you have made me grasp the whole picture. Thank you.

In the beginning of this thread I was really thrilled and excited with this new feature..., now I'm not that sure anymore. Also, why be pioneers and guinea pigs for a closed commercial proprietary software, even when this part of the code is BSD?

I tend to totally agree with you and Vincent Danen now, skip this patch, forget I ever mentioned it. But do make the OpenSSH authors aware of its existence, if not done already, they might even like it?

Again, here's the URL:

http://www.vandyke.com/download/os/pks_ossh.html

Let this particular mail act as a FAQ about the OpenSSH policy vs. OpenSSH + patches policy in Mandrake Linux.

Thank you.

--
Regards // Oden Eriksson - Deserve-IT Networks http://d-srv.com
Check the "Modules For Apache2" status page at: http://d-srv.com/modules_for_apache2.html