On Thu, 3 Dec 2015 16:14:16 +0100 Klaus Ethgen <kl...@ethgen.de> wrote: > Source: openssh > Version: 1:7.1p1-1 > Severity: important > > The new version comes without blowfish cipher. That breaks access to > systems that only allows blowfish cipher. This is a major concern as > afterwards it is not possible anymore to get back access to such > systems. > > Please at least display a big warning when updating the package that > admins are able to postpone the update. Currently that change is not > even seen in changelog. > > [...]
Hi, For reference, I have added a note to the Debian Release Notes for Stretch about OpenSSH dropping ciphers and protocols by default. It will be available on-line in a couple of hours at: * https://www.debian.org/releases/stretch/amd64/release-notes/ch-information.en.html Reviews welcome. Thanks, ~Niels
signature.asc
Description: OpenPGP digital signature
