[arch-dev-public] Moving heimdal to core

Paul Mattal paul at mattal.com
Tue Nov 27 15:39:06 EST 2007

Paul Mattal wrote:
> eliott wrote:
>> On 11/27/07, Aaron Griffin <aaronmgriffin at gmail.com> wrote:
>>> On Nov 26, 2007 2:04 PM, Aaron Griffin <aaronmgriffin at gmail.com> wrote:
>>>> I'd like to move heimdal to core/lib. This gives us kerberos libs in
>>>> core, and will close out this bug:
>>>> http://bugs.archlinux.org/task/8373
>>>> Any problems with this?
>>> One last poke here - I'm going to do this in a few hours if no one has an issue.
>> I am actually against it, based on the dialog in the bug ticket..
>> Is this patch not included upstream, as the ticket mentioned? If that
>> is the case, and considering the extreme sensitivity of ssh in
>> general, I think we should as close to upstream as possible.
>> I venture a bet that not many people use kerberos'd ssh too. I guess I
>> don't see why somebody couldn't build their own ssh package with the
>> kerberos patches.
> I agree that the security of ssh is of paramount importance, but 
> also recognize that the kerberos patches might be necessary for some.
> Has anyone looked critically at the patches and have anything at all 
> to say about what security risks they may present? If not, I think I 
> agree with elliott, we should not include them.

Sorry, I think I crossed with another message on this topic which I 
should have read first.

If this is just a compile-time flag already fully supported by 
openssh upstream, I'm for it.

- P

More information about the arch-dev-public mailing list