> I don't think it is wise to play with security-related software in > the stack. If OpenBSD and Debian (or for the matter all the other > distros) haven't applied those patches, I'm sure there is some > reason, although maybe it being only "uncertainty".
Yes, is true. But I think that from an uncrypted connection (from cluster nodes) and a maybe insecure ssh patched connection there is a lot of difference. We can use a patched ssh connection on special port only to connect nodes (live migration, etc), than use a standard Debian ssh daemon on standard port to admin the cluster. _______________________________________________ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
