Paul Gilmartin wote: " Would IBM do better to apply IBM patches to the newest distribution rather than trying to upgrade an outdated version with APARs? There's yet no assurance that IBM's patching won't regress a needed security patch.... Is EBCDIC a culprit?"
This has nothing to do w/EBCDIC. This is a new standard from the IETF (or whomever). Like any other software, OpenSSH was written to a certain spec. A new spec will require new code to support that spec. Since OpenSSH is now a part of z/OS, obviously maintenance will be required. As I said in my earlier post, IBM is (more or less) obligated to support the new standard. Whether this is done with a (PTF) or (FUNCTION SYSMOD) is irrelevant. Patch (apply PTF) vs. Replace (apply new function) is (IMO) *NEVER* a vendor decision. Which update method produces the desired result with the least amount of effort? It would not surprise me (I haven’t investigated) if IBM has supplied both methods. To the OP: It seems a PMR or call to your friendly IBM rep would provide the information needed. HTH, -----Original Message----- From: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> On Behalf Of Paul Gilmartin Sent: Thursday, April 11, 2019 3:16 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: OpenSSH upgrade option On Thu, 11 Apr 2019 16:01:15 +0000, Mark Jacobs wrote: >I don't believe so. Latest version shipped with z/OS 2.3 is 6.4p1. IBM does >issue APARs against it for any problems found that are applicable to OpenSSH >on zOS. These is/was a list of them in one of the IBM OpenSSH manuals at one >time. > It's reasonable that Security Team look first at the version number and reject immediately if it doesn't meet criteria. They haven't resource to examine every APAR cover letter (and integrity APARs may not be public.) Would IBM do better to apply IBM patches to the newest distribution rather than trying to upgrade an outdated version with APARs? There's yet no assurance that IBM's patching won't regress a needed security patch. Why must IBM patch? Is EBCDIC a culprit? I hate EBCDIC! >‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ >On Thursday, April 11, 2019 11:44 AM, Paul Jodlowski wrote: > >> Is there a way to upgrade OpenSSH on z/OS v2.2? >> Currently OpenSSH is at 6.4p1, I have been asked by our Network Security >> Team to upgrade to OpenSSH 7.4. -- gil ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN ::DISCLAIMER:: -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- The contents of this e-mail and any attachment(s) are confidential and intended for the named recipient(s) only. E-mail transmission is not guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or may contain viruses in transmission. The e mail and its contents (with or without referred errors) shall therefore not attach any liability on the originator or HCL or its affiliates. Views or opinions, if any, presented in this email are solely those of the author and may not necessarily reflect the views or opinions of HCL or its affiliates. Any form of reproduction, dissemination, copying, disclosure, modification, distribution and / or publication of this message without the prior written consent of authorized representative of HCL is strictly prohibited. If you have received this email in error please delete it and notify the sender immediately. Before opening any email and/or attachments, please check them for viruses and other defects. -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
