[arch-dev-public] Moving heimdal to core

Paul Mattal paul at mattal.com
Tue Nov 27 15:35:13 EST 2007

eliott wrote:
> On 11/27/07, Aaron Griffin <aaronmgriffin at gmail.com> wrote:
>> On Nov 26, 2007 2:04 PM, Aaron Griffin <aaronmgriffin at gmail.com> wrote:
>>> I'd like to move heimdal to core/lib. This gives us kerberos libs in
>>> core, and will close out this bug:
>>> http://bugs.archlinux.org/task/8373
>>> Any problems with this?
>> One last poke here - I'm going to do this in a few hours if no one has an issue.
> I am actually against it, based on the dialog in the bug ticket..
> Is this patch not included upstream, as the ticket mentioned? If that
> is the case, and considering the extreme sensitivity of ssh in
> general, I think we should as close to upstream as possible.
> I venture a bet that not many people use kerberos'd ssh too. I guess I
> don't see why somebody couldn't build their own ssh package with the
> kerberos patches.

I agree that the security of ssh is of paramount importance, but 
also recognize that the kerberos patches might be necessary for some.

Has anyone looked critically at the patches and have anything at all 
to say about what security risks they may present? If not, I think I 
agree with elliott, we should not include them.

- P

More information about the arch-dev-public mailing list