On 4/10/2025 10:23 PM, Brooks Davis wrote:
On Thu, Apr 10, 2025 at 10:24:49PM +0000, Bjoern A. Zeeb wrote:
Is there any chance to keep an openssh (client) port (possibly with known
security risks)?
It seems like it would be reasonable to keep a copy of the 9.8 client
around more or less indefinitely. Ideally tracking whatever fixes the
longest lived, open Linux LTS is applying.
Similarly we have an openssl-unsafe for connecting to old gear.
I may be mistaken, but I believe security/putty's upstream takes the
maximum compatibility approach. If I'm correct, people may want to
switch to it for these needs.
For a security/openssh98 or similar we might want to do something
I for one GREATLY appreciate FreeBSD's commitment and thoughtfulness
around POLA through the years, but I think this is a case where having a
separate legacy DSA-supporting ssh client is a reasonable path to take
for those who need it (I include myself in that list). I think it makes
maintaining OpenSSH a little less brittle through minimizing the
divergence in code from upstream.
---Mike