On Tue, 31 Jan 2023 10:52:54 +0000 Colin Watson <[email protected]> wrote:
> There's now > https://salsa.debian.org/ssh-team/openssh/-/merge_requests/21 for this, > but as noted there I have documentation concerns about simply removing > this. Copying my comments from there: > At a bare minimum, this needs an entry in debian/NEWS. But I'd go > further: I think this should be documented in Debian's release notes > (repository at https://salsa.debian.org/ddp-team/release-notes) for a > release before we make this change. That won't inform everyone, but > it should reduce the number of people caught unawares by this. Any > other practical ideas for informing affected users would be welcome. > Was there an update on this bug against release-notes: the MR against openssh at https://salsa.debian.org/ssh-team/openssh/-/merge_requests/21/diffs doesnt seem to be merged - has this been parked? Based on the text in that MR , but if I i used this feature i would want to know: - can this prevent me logging in? (eg if i am doing the upgrade over ssh) - will it drop my ssh connection (release-notes does iirc advise upgrading inside tmux or screen) - what do i do if i need the settings in pam-envionment - can i add them to ssh_config? (I assume re-enabling a deprecated setting is not a good thing to recommend in release-notes) (and should i do so before or after upgrading?) The release notes could say something like: <section> <title>ssh no longer reads ~/.pam-environment</title> <para> The <sysitem role="package">ssh</sysitem> package, which allows secure login to remote systems, no longer reads the user's <filename>~/.pam_environment</filename> file by default. See <link to openssh's NEWS.debian> for details. If you used this feature, you should move variables set in <filename>~/.pam_environment</filename> file to <filename>~/.ssh/ssh_config</filename> before upgrading <!-- or your connection might break when openssh-server is upgraded? -->. </para> </section> (should there be something about the pam deprecation itself?)
