On 2025/09/04 14:46, Rene Malmgren wrote:> I did link to Dropbear in my latest post, but I would not say that
> Dropbear is a good replacement for every use case.
yes, it's a good fit in some circumstances (as is tinyssh) but is quite
limited, and I don't think it's likely to have been through anything
like the analysis that OpenSSH has been through (e.g. consider the lovely
detailed write-ups from Qualys for the things which they've investigated
and found issues with - and think how much more investigation must have
been done that hasn't resulted in anything that could be written up...)
> Now from my perspective I would say that there is demand for a better
> version of SSH on the market, since almost every developer uses it,
> and its use everywhere, including airports, banks, crypto exchanges
> and so on.
"on the market" is an interesting term here - I don't think I
would
want to be trusting something like this software to market forces.
I'd expect actual security and careful design to take a backseat to
tickbox marketing items.