On Mon, Jan 9, 2023 at 4:15 PM Konstantin Olchanski <olcha...@triumf.ca> wrote:
>
> On Sun, Jan 08, 2023 at 08:48:33AM -0500, Nico Kadel-Garcia wrote:
> >
> > There is a third party SRPM at:
> >
> > https://urldefense.proofpoint.com/v2/url?u=http-3A__rnd.rajven.net_centos_6_os_SRPMS_openssh-2D6.4p1-2D1cnt6.1.src.rpm&d=DwIBaQ&c=gRgGjJ3BkIsb5y6s49QqsA&r=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A&m=APF_X_sbP87-U3byu32i-cPT0N0xHPBEhLmLSTRjCbrt6c02NpZBAfu3Z0LoBDLm&s=RoFP8HoZRy6liEx_Q1o6LAJzDhmsdUjdbqtBPSwXUrI&e=
> >
>
> For the record, urldefence successfully obscures the fact that it points
> to rnd.rajven.net which happens to be registered in Moscow, Russia, per
> xttps://www.whois.com/whois/rajven.net
Yeah. That's what SRPMs are for, you can validate the source tarballs
and review any patches and the .spec file. I've stashed an extracted
copy, with some build setups, ove rat:
https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_nkadel_openssh-2Del6-2Dsprm&d=DwIFaQ&c=gRgGjJ3BkIsb5y6s49QqsA&r=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A&m=eVSUypNdoUa2w3353fopIRG8PaxNCEPpwIVwfTocUtsNDu918dKEP8YgY09rLJ8V&s=99VtsxOpeTvgPnZrGKRKy7rDcl3d3tRYlrZ8smUdBjg&e=
> A year ago, I would have said, yay, thanks!
>
> But after certain recent events, I say thank you, but no, thanks.
>
> P.S.
>
> It looks like my remaining option is to build openssh from OpenBSD "portable"
> sources.
See above. That will help build clean RPMs for your local SL6
environment. And yes, I've been doing this sort of thing since...
2000. If you like, I'd be happy to walk you through how to do those,
but that might not be appropriate for the whole mailing list.
Nico Kadel-Garcia
> P.P.S. to answer some comments:
>
> - obsolete - only because you say so. like a mechanical bike, it does today
> what it did yesterday, users are happy.
> - "so old" - like a grand-father's axe, most our SL6 machines hardware was
> upgraded 2-3 times by now, they run from SSDs on DDR3/DDR4 RAM machines.
> - exception is VME processors - true Pentium-3 and Pentium-4 machines, fit
> for a museum. purported replacement ("core-2 duo" CPU) was a lemon (high
> mortality, all dead now). next purported replacement was okey, but went out
> of production too soon. "just replace it" people, should look at current
> prices for VME processors and VME hardware, then ask about delivery times,
> then come back with suggestions (and $$$).
> - insecure - exactly where? ssh insecure? nfs insecure? https insecure (A+
> score from SSLlabs)?
> - "hide behind firewall!" - done, 1-2 layers of firewalls. external ssh and
> https access is required by function.
> - VMs, containers - shuffle chairs in the titanic, does not address any of
> the issues above.
> --
> Konstantin Olchanski
> Data Acquisition Systems: The Bytes Must Flow!
> Email: olchansk-at-triumf-dot-ca
> Snail mail: 4004 Wesbrook Mall, TRIUMF, Vancouver, B.C., V6T 2A3, Canada
