[CentOS] Re: [CentOS-announce] Impact of the Debian OpenSSL vulnerability

Mon May 19 13:11:15 UTC 2008
Les Mikesell <lesmikesell at gmail.com>

Ralph Angenendt wrote:
> 
>>> - What does our upstream think about this?
>>> - What do the OpenSSH developers think about this?
>> Someone is going to need to ask those questions of the people...
> 
> I don't think the OpenSSH devels really do care about that - there is no
> discussion whatsoever on the secureshell list or on the devel list.
> 
> No idea about our upstream, but I don't think so either.

Does anyone know the point of the patch in the first place?  That is, 
why would a distro-specific modification have been needed at all?  I 
don't suspect an intentional compromise here but I'm curious about why 
anyone would consider a non-standard change.

-- 
   Les Mikesell
    lesmikesell at gmail.com