söndag 13 januari 2019 kl. 08:31:28 CET skrev Salvatore Bonaccorso: > On Fri, Dec 28, 2018 at 10:22:53AM +0100, Moritz Mühlenhoff wrote: > > On Wed, Dec 26, 2018 at 05:20:40PM +0100, Magnus Holmgren wrote: > > > I'm wondering if anyone would complain if I'd disable RSH (SSH) > > > connections > > > altogether. > > > > Full ack, that seems like the most sensible fix. > > Any news on this approach, or did you spot any problem with that way?
Here's my plan. Removing the RSHPATH define should disable the insecure code, I reckon. I just haven't been able to make gbp use my long PGP key id... -- Magnus Holmgren holmg...@debian.org Debian Developer
--- a/src/osdep/unix/Makefile +++ b/src/osdep/unix/Makefile @@ -985,7 +985,7 @@ onceenv: -DMD5ENABLE=\"$(MD5PWD)\" -DMAILSPOOL=\"$(MAILSPOOL)\" \ -DANONYMOUSHOME=\"$(MAILSPOOL)/anonymous\" \ -DACTIVEFILE=\"$(ACTIVEFILE)\" -DNEWSSPOOL=\"$(NEWSSPOOL)\" \ - -DRSHPATH=\"$(RSHPATH)\" -DLOCKPGM=\"$(LOCKPGM)\" \ + -DLOCKPGM=\"$(LOCKPGM)\" \ -DLOCKPGM1=\"$(LOCKPGM1)\" -DLOCKPGM2=\"$(LOCKPGM2)\" \ -DLOCKPGM3=\"$(LOCKPGM3)\" > OSCFLAGS echo $(BASELDFLAGS) $(EXTRALDFLAGS) > LDFLAGS
signature.asc
Description: This is a digitally signed message part.