heasley <heas at shrubbery.net> writes:> Dag-Erling Sm?rgrav <des at des.no> writes: > > You know what would be even sadder? If the OpenSSH developers had > > to continue to devote significant resources to maintaining a rat's > > nest of legacy code [...] > I was not suggesting that openssl maintain their apparently messy > code; they're maintaining it already, for whatever the remaining > period is.The legacy code I'm referring to is code they inherited from Tatu Yl?nen and have worked diligently to improve over the last 15 years. But SSH1 is a shitty protocol and too different from SSH2 to be easily integrated into a single framework. There really isn't much point in expending any more effort on it.> i'm suggesting a port with a v1 client; that is built with all the other > binary ports for abi changes and whatever else is reasonable. yes, i > can build my own, but i feel it should be a port.You mean like net/tcpdump398, which was forked from net/tcpdump because some people liked its output format better than that of tcpdump 4, and then forgotten, and is known to have dozens of security vulnerabilities? DES -- Dag-Erling Sm?rgrav - des at des.no
Wed, Feb 01, 2017 at 11:15:10AM +0100, Dag-Erling Sm?rgrav:> > i'm suggesting a port with a v1 client; that is built with all the other > > binary ports for abi changes and whatever else is reasonable. yes, i > > can build my own, but i feel it should be a port. > > You mean like net/tcpdump398, which was forked from net/tcpdump because > some people liked its output format better than that of tcpdump 4, and > then forgotten, and is known to have dozens of security vulnerabilities?I dont care what they do. They are consenting adults and could be told that the port is EoS and may have holes. seems like a different animal though; this isnt for fashion. I've transitioned everything that can be to sshv2, what remains is stuck in time.