On Mon, 14 Jan 2008 00:36:13 -0500 (EST) "Dennis Clarke" <[EMAIL PROTECTED]> wrote:
>
> Sorry for the confusing subject line but this is really just about OpenSSH
> as implemented in Solaris ( and various derivatives ) and any issues that
> may exist between the OpenSSH team and the Solaris world.

[snip]

> So the short answer here is that I don't know what the Sun implementation of
> SSH is really but it seems to be NOT what we see at the source site. So that
> really is the only reason why I tend to run the packages built on reference
> servers that I trust and with source code drawn directly from the well.
>
> Am I wrong to think this way ?

No. At least not in my opinion. From what you've described we can essentially conclude that "if it doesn't say OpenSSH, then you don't know what's inside". That, in and of itself, would be plenty enough for me to favor your package build over what Sun bundles.

fwiw- this off latest OBSD release:

$ ssh -V
OpenSSH_4.7, OpenSSL 0.9.7j 04 May 2006
$ uname -rs
OpenBSD 4.2

I've been running OpenBSD boxes for many years now and their track record w.r.t security is pretty much unparalleled. In the absence of any errata to the contrary, I'd prefer to trust what they bundle.

--
Best regards,

Ken Gunderson

Q: Because it reverses the logical flow of conversation.
A: Why is putting a reply at the top of the message frowned upon?
_______________________________________________
opensolaris-discuss mailing list
[email protected]
