Hi all, I'm aware of the upcoming split[1] in openssh packages. This will of course affect, and benefit, downstream distributions, like Ubuntu, which also carries the key exchange patch.
It's my understanding we will have two openssh src packages, right? One will produce binaries built without --with-kerberos5, and the other will enable kerberos5/gssapi, and the key exchange patch, correct? In this cycle Ubuntu would like to try the unique-ccache patch[2] from Fedora, as we have seen some demand[3] for it. I understand it feels like the same trap that the key exchange patch created, but having the packages/builds split like described above will help reduce the risk of this change and make it opt-in basically. We have been trying out that patch out in jammy and noble with a launchpad recipe for daily builds, and have also added DEP8 tests specifically for the changes the patch introduces. So far, so good. Do you have an idea when the work on this split will continue, or more details in general? 1. https://lists.mindrot.org/pipermail/openssh-unix-dev/2024-August/041553.html 2. https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-7.7p1-gssapi-new-unique.patch 3. https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1889548
