[arch-dev-public] Moving heimdal to core
paul at mattal.com
Tue Nov 27 15:39:06 EST 2007
Paul Mattal wrote:
> eliott wrote:
>> On 11/27/07, Aaron Griffin <aaronmgriffin at gmail.com> wrote:
>>> On Nov 26, 2007 2:04 PM, Aaron Griffin <aaronmgriffin at gmail.com> wrote:
>>>> I'd like to move heimdal to core/lib. This gives us kerberos libs in
>>>> core, and will close out this bug:
>>>> Any problems with this?
>>> One last poke here - I'm going to do this in a few hours if no one has an issue.
>> I am actually against it, based on the dialog in the bug ticket..
>> Is this patch not included upstream, as the ticket mentioned? If that
>> is the case, and considering the extreme sensitivity of ssh in
>> general, I think we should as close to upstream as possible.
>> I venture a bet that not many people use kerberos'd ssh too. I guess I
>> don't see why somebody couldn't build their own ssh package with the
>> kerberos patches.
> I agree that the security of ssh is of paramount importance, but
> also recognize that the kerberos patches might be necessary for some.
> Has anyone looked critically at the patches and have anything at all
> to say about what security risks they may present? If not, I think I
> agree with elliott, we should not include them.
Sorry, I think I crossed with another message on this topic which I
should have read first.
If this is just a compile-time flag already fully supported by
openssh upstream, I'm for it.
More information about the arch-dev-public