Oden Eriksson ([EMAIL PROTECTED]) wrote:
> Thursday 10 October 2002 18.47, Vincent Danen wrote:
> > On Wednesday, October 9, 2002, at 08:04 PM, Oden Eriksson wrote:
> >
> > [...]
> >
> > > > The point is I don't like to do this. It's fine to patch things
> > > > for fixes, proper language translations, etc. But adding
> > > > features like this causes other problems... it will bring a lot
> > > > of bad publicity for MandrakeSoft because of Theo; he's made
> > > > many threats in the past and he's neurotic enough to follow
> > > > through. For instance, if we do something Theo really doesn't
> > > > like, or that Markus doesn't like, any questions regarding
> > > > openssh that even faintly mention Mandrake somewhere in the
> > > > equation, will get blasted by the openssh developers, and
> > > > they'll be referred here with none too kind words.
> > > >
> > > > I'd rather avoid that sort of thing.
> > >
> > > Ahh, I didn't think that far, are they really such a*holes? May I
> > > ask what those threats were?
> >
> > Let's call them protective. And the threats were basically bad
> > publicity amongst many other Linux/BSD vendors and communities, big
> > anti-MandrakeSoft sentiments on the openssh website, that sort of
> > thing. I don't recall the particulars, but it was enough for me to
> > remove the offending patches.
>
> Hmm..., that sounds just plain childish to me. My goodness...

The explanation isn't really good. Theo and Co make OpenSSH. They do their very best to make it work on all platforms even though other people give them a hard time because of all different kinds of versions of pam. And as long as everybody uses an unpatched version of OpenSSH they can tell from the bug reports what is going on by looking at their own source code. They want to do that. They feel responsible for the product and they have a name to keep.

Now somebody sees a nice looking patch and it is a perfectly written patch. They will get questions about the features in it. For something they never wrote. What if it contains a bug? They get the questions. And not from one or two people. No, thousands. What if it contains an exploit... go figure what will happen to them. And they really really didn't even do it.

And ssh isn't just another app. If it gets broken into you can severely damage a whole distro. I mean patch a kernel... who cares. That's your problem. You can patch nearly anything but it won't damage the product kernel. But this is not the case for OpenSSH. If you manage to break it you damage the whole concept of OpenSSH, not only on your own distro, no, on all platforms. So I can imagine Theo and Co being very much against custom added patches.

I'd suggest being very careful with OpenSSH not to apply any custom patches other than things that make the build go right. I'd even suggest honoring his opinion about pam just to make sure OpenSSH is secure and stays that way.

Greetings,
Han.
-- 
http://www.xs4all.nl/~hanb/software
