On Friday, 31 December 2021 08:43:49 CET Tor Arntsen via libssh2-devel wrote: > On Fri, 31 Dec 2021 at 02:13, Nicolas Mora via libssh2-devel > The only part of the Fedora report which looks like an argument is this: > "the libssh2 library uses outdated cryptographic algorithms and lacks > important features, such as GSS-API authentication." > (https://docs.fedoraproject.org/en-US/fedora/f28/release-notes/sysadmin/Secu > rity/index.html) Is this true, or more importantly, is it relevant?
Hello, I'm the maintainer of libssh. There are several reasons why distributions switched to libssh: a) Required features like ciphers and GSSAPI support a) Choose only one library you have to support (enterprise wise) c) FIPS readiness d) ... So everything moved to libssh, even projects which used python implementations before, see https://www.ansible.com/blog/new-libssh-connection-plugin-for-ansible-network So the distro just needs to decide what users/customers need and what it wants to support. Probably this isn't relevant for Debian but might be for Ubuntu. Best regards Andreas -- libssh2-devel mailing list libssh2-devel@lists.haxx.se https://lists.haxx.se/listinfo/libssh2-devel
