On 2017-10-15 22:06:35 [+0100], Colin Watson wrote: > What? You've entirely misunderstood me. OpenSSH upstream *already* This got cleared up in the meantime.
> > I've been pointed out to another way to go I hope you like it: There is > > PKIX-SSH [0]. > > I dislike the idea of switching to a fork even more than the idea of > maintaining an enormous patch, I'm afraid - especially one that adds > other features, making it a one-way change. Well, one way sure. You get features from the fork which upstream does not provide and the Debian version does not have. I had a brief look into debian patch queue and there was something regarding ldap and the fork mentioned something about ldap among other things so it looked like a win-win. Not to mention the openssl 1.1 support. I understand that if you add *more* features which openssh does not provide that this makes it hard to switch back. Yes. I actually hope that it does not come to that and I assumed that some of those feature might be good to have. There was a glibc -> eglibc switch a while ago. One of the "features" of eglibc was a maintained arm and mips port. They switched back to glibc after all the eglibc features went into glibc. So that was kind of the perspective I was looking at it. So I guess there is nothing I can do to sell it better? Sebastian