On 01/30/2017 09:36 PM, Heasley wrote:
whats wrong with providing a 7.4+v1 port for everyone to use?
What will happen when 7.4 gets a vulnerability, then? I don't think
you or I will be patching it (or anyone else) and therefore, the
port/pkg will be knowingly vulnerable.
Why do we want that?
So you ate advocating telnet? Such a client is likely better still than telnet,
which is the only alternative.
No, I've explained what I've advocated: compile 7.4 yourself and use if
for your own needs. Having FreeBSD keep deprecated software around
doesn't seem practical to me, and it seems this is also what FreeBSD
security also believes. Sorry that you're working with legacy hardware.
Without a pkg, folks are forced to maintain it themselves. Which is more likely
to receive less attention between now and EoS for v1?
Dont make choices for or impose your rhetoric upon others, provide them the
tools to make their choices.
Fact: I'm not imposing anything as I have no say in FreeBSD's security
at all.
FWIW, in May 2016 it the openssh team announced their intentions to
disable ssh v1:
http://lists.mindrot.org/pipermail/openssh-unix-dev/2016-May/035069.html
It also looks like they pushed the deprecation from June to August as well.
Looks like ssh v1 was disabled at compile time in March 2015:
http://lists.mindrot.org/pipermail/openssh-unix-dev/2015-March/033701.html
So unsurprisingly, it looks like they've communicated the desire to
remove sshv1 for awhile.
_______________________________________________
freebsd-security@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
