Paul Mattal wrote:
eliott wrote:
On 11/27/07, Aaron Griffin <aaronmgriffin@gmail.com> wrote:
On Nov 26, 2007 2:04 PM, Aaron Griffin <aaronmgriffin@gmail.com> wrote:
I'd like to move heimdal to core/lib. This gives us kerberos libs in core, and will close out this bug:
http://bugs.archlinux.org/task/8373
Any problems with this? One last poke here - I'm going to do this in a few hours if no one has an issue. I am actually against it, based on the dialog in the bug ticket.. Is this patch not included upstream, as the ticket mentioned? If that is the case, and considering the extreme sensitivity of ssh in general, I think we should as close to upstream as possible.
I venture a bet that not many people use kerberos'd ssh too. I guess I don't see why somebody couldn't build their own ssh package with the kerberos patches.
I agree that the security of ssh is of paramount importance, but also recognize that the kerberos patches might be necessary for some.
Has anyone looked critically at the patches and have anything at all to say about what security risks they may present? If not, I think I agree with elliott, we should not include them.
Sorry, I think I crossed with another message on this topic which I should have read first. If this is just a compile-time flag already fully supported by openssh upstream, I'm for it. - P