Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 16 Mar 2011 01:52:27 +0300
From: Solar Designer <solar@...nwall.com>
To: owl-dev@...ts.openwall.com
Subject: OpenSSH update

Dmitry,

Would you be the one to update the OpenSSH package in Owl, or should we
assign this task to someone else, likely Vasiliy (if he accepts indeed)?

You're the primary candidate due to your maintenance of OpenSSH for ALT
Linux and your familiarity with our patches (which you forward-ported).

I notice that you added audit support to ALT's package - was this
requested by a user?  Are you using this functionality yourself?  Do you
think we should have it in Owl?

I have mixed feelings about adding auditing support to Owl.  On one
hand, this is a potentially useful security-relevant feature.  On the
other, there's been almost no demand for it so far, and it is an added
risk (extra library code running as root, perhaps even including
processing of input from remote clients prior to authentication -
although I did not look into this myself).  One of the advantages of Owl
is our reduced bloat.  Our sshd is linked against a lot fewer libraries
than Red Hat's.  The addition of auditing would change this somewhat...

What do you say?

Some links for others on the list:

http://sisyphus.ru/en/srpm/Sisyphus/openssh
http://git.altlinux.org/people/ldv/packages/?p=openssh.git
http://git.altlinux.org/people/ldv/packages/?p=openssh.git;a=commitdiff;h=ced408c0358d034bc45ee5f2ce87a4f56e6eb4a6

Alexander

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ