[CentOS] Re: [CentOS-announce] Impact of the Debian OpenSSL vulnerability
Johnny Hughes
johnny at centos.org
Mon May 19 13:53:54 UTC 2008
Les Mikesell wrote:
> Ralph Angenendt wrote:
>>
>>>> - What does our upstream think about this?
>>>> - What do the OpenSSH developers think about this?
>>> Someone is going to need to ask those questions of the people...
>>
>> I don't think the OpenSSH devels really do care about that - there is no
>> discussion whatsoever on the secureshell list or on the devel list.
>>
>> No idea about our upstream, but I don't think so either.
>
> Does anyone know the point of the patch in the first place? That is,
> why would a distro-specific modification have been needed at all? I
> don't suspect an intentional compromise here but I'm curious about why
> anyone would consider a non-standard change.
>
The change was added due to valgrind testing of openssh and warnings
produced while compiling.
The removal was discussed on the openssh-devel list.
If was clearly an accident caused by trying to do the right thing.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 252 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos/attachments/20080519/1e0642db/attachment.sig>
More information about the CentOS
mailing list