Colin Watson <cjwat...@debian.org> writes: > GSS-API key exchange > ====================
> However, OpenSSH upstream has long rejected it > All the same, I'm aware that some people now depend on having this > facility in Debian's main openssh package > How does this rough plan sound? > > * for Debian trixie (current testing): > > * add dependency-only packages called something like > openssh-client-gsskex and openssh-server-gsskex, depending on their > non-gsskex alternatives > * add NEWS.Debian entry saying that people need to install these > packages if they want to retain GSS-API key exchange support > * add release note saying the same happy to help on release-notes. Think you've got two audiences: - people who rely on gss, who may be upgrading over ssh and need to know how to avoid being locked out (eg: make sure to install gsskex recommended packages before reboot?) - people who dont use gss, and want to remove it asap: as well as removing the gsskex packages would they need to edit sshd_config or ssh_config etc -- these can currently contain things like 'GSSAPIAuthentication no' which would (i assume) stop working (and cause sshd to not start) once the gss support is removed(?)