heasley <h...@shrubbery.net> writes: > Dag-Erling Smørgrav <d...@des.no> writes: > > You know what would be even sadder? If the OpenSSH developers had > > to continue to devote significant resources to maintaining a rat's > > nest of legacy code [...] > I was not suggesting that openssl maintain their apparently messy > code; they're maintaining it already, for whatever the remaining > period is.
The legacy code I'm referring to is code they inherited from Tatu Ylönen and have worked diligently to improve over the last 15 years. But SSH1 is a shitty protocol and too different from SSH2 to be easily integrated into a single framework. There really isn't much point in expending any more effort on it. > i'm suggesting a port with a v1 client; that is built with all the other > binary ports for abi changes and whatever else is reasonable. yes, i > can build my own, but i feel it should be a port. You mean like net/tcpdump398, which was forked from net/tcpdump because some people liked its output format better than that of tcpdump 4, and then forgotten, and is known to have dozens of security vulnerabilities? DES -- Dag-Erling Smørgrav - d...@des.no _______________________________________________ freebsd-security@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
