Date: Thu, 19 Apr 2012 08:25:19 +0400 From: Solar Designer <solar@...nwall.com> To: owl-dev@...ts.openwall.com Subject: Re: owl and openssh Hi Daniel, On Tue, Apr 17, 2012 at 05:45:09PM +0200, Daniel Cegie?ka wrote: > Why Owl still uses the old version of OpenSSH? Does this have anything to > do with PAM modules? Are you going to do in the near future updates to the > current version of OpenSSH? The version of OpenSSH currently in Owl is old by version number, but it actually has backports of newer stuff, including all relevant security fixes that we are aware of (and we kept watching for them). No, this has almost nothing to do with PAM modules. We should update OpenSSH before our next major release. This task is assigned to Dmitry V. Levin, but somehow he just does not manage to find time for it lately. The task is not trivial because we have patches, some of which will need to remain in the updated package (e.g., the key blacklisting). The updated package may also need to be re-tested for a variety of potential issues, such as timing leaks allowing for easy username probing (an issue that we previously patched, but that might not have been addressed upstream). Alexander
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.