Re: [CentOS] Re: [CentOS-announce] Impact of the Debian OpenSSL vulnerability

Ralph Angenendt wrote:

...

...

• What does our upstream think about this?
• What do the OpenSSH developers think about this?

Someone is going to need to ask those questions of the people...

I don't think the OpenSSH devels really do care about that - there is no discussion whatsoever on the secureshell list or on the devel list.

No idea about our upstream, but I don't think so either.

Does anyone know the point of the patch in the first place? That is, why would a distro-specific modification have been needed at all? I don't suspect an intentional compromise here but I'm curious about why anyone would consider a non-standard change.