On 2014-04-10 23:30 +0200, Alex Robbins wrote: > I have been using Debian Testing (Jessie) and tried to upgrade today, and > aptitude tried to remove openssh-blacklist and openssh-blacklist-extra > as they > were no longer used. Upon further inspection, in... > > Debian Wheezy: > openssh-client and openssh-server recommend openssh-blacklist and > openssh-blacklist-extra > > Debian Jessie Recently (according to the packages on my system before > the upgrade): > openssh-client and openssh-server suggest openssh-blacklist and > openssh-blacklist-extra > > Debian Jessie Currently: > Neither openssh-client nor openssh-server depend on openssh-blacklist or > openssh-blacklist-extra in any way > > I do not quite know which programs use the blacklist, but what is the > reason for > this change? Shouldn't the client, the server, or both at least suggest > openssh-blacklist? I couldn't find anything about this in the changelogs.
It's this particular change: ,---- | openssh (1:6.5p1-1) unstable; urgency=medium | [...] | * Drop ssh-vulnkey and the associated ssh/ssh-add/sshd integration code, | leaving only basic configuration file compatibility, since it has been | nearly six years since the original vulnerability and this code is not | likely to be of much value any more (closes: #481853, #570651). See | https://lists.debian.org/debian-devel/2013/09/msg00240.html for my full | reasoning. | [...] | -- Colin Watson <[email protected]> Mon, 10 Feb 2014 14:58:26 +0000 `---- The removal of ssh-vulnkey means that the blacklist isn't used anymore. Cheers, Sven -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: https://lists.debian.org/[email protected]
