Johannes Löthberg
2015-Mar-26 13:10 UTC
FYI: SSH1 now disabled at compile-time by default
On 26/03, Nico Kadel-Garcia wrote:>Yanking it out wholesale should be part of a 7.0 build, not an >incremental release. That's a major incompatibility with one heck of a >lot of existing code, much of which is on extended support. >And it?s been said multiple times in this thread that the OpenSSH version number is just a incrementing decimal number, it doesn?t have any major or minor releases. -- Sincerely, Johannes L?thberg PGP Key ID: 0x50FB9B273A9D0BB5 https://theos.kyriasis.com/~kyrias/ -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 1495 bytes Desc: not available URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20150326/abc34619/attachment.bin>
Communication is a two way street. If OpenSSH wants to go down the route of single releases, like the browsers did, it can remove its minor numbers, like the browsers did. Everything else is a debate but this isn't. Don't say a thing and say you didn't just say it. On Thu, Mar 26, 2015 at 6:10 AM, Johannes L?thberg <johannes at kyriasis.com> wrote:> On 26/03, Nico Kadel-Garcia wrote: > >> Yanking it out wholesale should be part of a 7.0 build, not an >> incremental release. That's a major incompatibility with one heck of a >> lot of existing code, much of which is on extended support. >> >> > And it?s been said multiple times in this thread that the OpenSSH version > number is just a incrementing decimal number, it doesn?t have any major or > minor releases. > > -- > Sincerely, > Johannes L?thberg > PGP Key ID: 0x50FB9B273A9D0BB5 > https://theos.kyriasis.com/~kyrias/ > > _______________________________________________ > openssh-unix-dev mailing list > openssh-unix-dev at mindrot.org > https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev > >
On Thu, Mar 26, 2015 at 10:19:05 -0700, Dan Kaminsky wrote:> Communication is a two way street. If OpenSSH wants to go down the route > of single releases, like the browsers did, it can remove its minor numbers, > like the browsers did. >There's no question of "going down the route." This has been the practice with OpenSSH for many years -- if not from the beginning. Certainly, those outside of the OpenSSH development community often assume the major/minor release scheme used by the majority of open source projects, but I'm suprised to see such confusion on this list. As to disabling SSH v1, hurray! The protocol has been long-obsolete and it is well-known to be insecure. Sure, some will eventually be impacted by this, but maybe that is a good thing. Perhaps it will give a little more incentive for those who are still using SSH1 to move into this century. -- Iain Morgan
On Thu, 26 Mar 2015, Dan Kaminsky wrote:> Communication is a two way street. If OpenSSH wants to go down the route > of single releases, like the browsers did, it can remove its minor numbers, > like the browsers did. > > Everything else is a debate but this isn't. Don't say a thing and say you > didn't just say it.We said it back around openssh-3.0. This is ancient history that we certainly aren't revisiting.