https://bugs.kde.org/show_bug.cgi?id=443155
--- Comment #26 from Brian <bcej...@gmail.com> --- Following that -- Why does KDEConnect Android still bundle an obsolete sshd-core (0.14.0)? The reason given so far has been backward-compatibility with older Android versions, specifically Android 7 and below. This is a relevant commit that gives a bit of detail -- https://invent.kde.org/network/kdeconnect-android/-/commit/ef3fd68f7378398273cb476581bc4f28c6b89515 However, I think this decision should be re-evaluated: * Android 7 was first released 7 years ago, and its final update was in 2019. What is the source of the requirement to support Android <=7? Is this really still required, especially to the detriment of security? * If it is, then is there a way to achieve that backward compatibility, without sacrificing security or usability with newer phones/desktops? For instance, a comment in the above commit says (in the removed lines) that newer versions of sshd-core require the NIO package, which is only available in Android 8+. It sounds like this is the main reason KDE-Connect Android isn't using newer sshd-core. However, that commit also says (in the newly added lines), that adding mina-core somehow makes sshd-core work **without requiring NIO** any longer. So far, this combination seems to have been tested with only sshd-core 0.14.0 -- but perhaps this workaround should also work for newer sshd-core as well, latest being 2.9.2. https://mvnrepository.com/artifact/org.apache.sshd/sshd-core/2.9.2. If that is the case, then it should now be possible to upgrade the sshd-core for all Android, once and for all. -- You are receiving this mail because: You are watching all bug changes.