[prev in list] [next in list] [prev in thread] [next in thread]
List: debian-devel
Subject: Re: Debian openssh option review: considering splitting out GSS-API key exchange
From: RL <richard.lewis.debian () googlemail ! com>
Date: 2024-04-02 13:19:07
Message-ID: 861q7nc378.fsf () simplex ! rtf ! org ! uk
[Download RAW message or body]
Colin Watson <cjwatson@debian.org> writes:
> GSS-API key exchange
> ====================
> However, OpenSSH upstream has long rejected it
> All the same, I'm aware that some people now depend on having this
> facility in Debian's main openssh package
> How does this rough plan sound?
>
> * for Debian trixie (current testing):
>
> * add dependency-only packages called something like
> openssh-client-gsskex and openssh-server-gsskex, depending on their
> non-gsskex alternatives
> * add NEWS.Debian entry saying that people need to install these
> packages if they want to retain GSS-API key exchange support
> * add release note saying the same
happy to help on release-notes.
Think you've got two audiences:
- people who rely on gss, who may be upgrading over ssh and need to know
how to avoid being locked out (eg: make sure to install gsskex
recommended packages before reboot?)
- people who dont use gss, and want to remove it asap: as well as
removing the gsskex packages would they need to edit sshd_config or
ssh_config etc -- these can currently contain things like
'GSSAPIAuthentication no' which would (i assume) stop working (and
cause sshd to not start) once the gss support is removed(?)
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic