itojun@iijlab.net writes:

> >So, with the latest round of ssh security problems, it would seem
> >important that openssh install and run flawlessly on a 1.5 system.
> 
> 	openssh shipped with 1.5 (/usr/sbin/sshd) has the fix to
> 	http://razor.bindview.com/publish/advisories/adv_ssh1crc.html.
> 	the version number seems to older than the advisory, but
> 	the fix is there.

Excellent.  But our users don't know that, because we haven't made any
announcement (unless I missed it).

If there are new features (or especially bug fixes) in pkgsrc openssh
(2.3) that aren't in 1.5's openssh (2.2), then we should make sure
that pkgsrc openssh can install on a 1.5 system.

If there are no such new features, then pkgsrc openssh should refuse
to install on a 1.5 system, and it should give a clear explanation of
why, to avoid confusion.

Chris

-- 
----------------------------------------------------- chris@cjones.org
Chris Jones                                           Mad scientist at large