Subject: Re: openssh and login_cap(3)
To: None <itojun@iijlab.net>
From: Chris Jones <chris@cjones.org>
List: tech-security
Date: 02/14/2001 10:26:32
itojun@iijlab.net writes:

> >If there are new features (or especially bug fixes) in pkgsrc openssh
> >(2.3) that aren't in 1.5's openssh (2.2), then we should make sure
> >that pkgsrc openssh can install on a 1.5 system.
> 
> 	(I think I have written a similar item a couple of times)

:)

> 	current situation is like this:
> 
> 	current: 2.3.2 as of 2/14
> 	1.5: 2.2.0 with patch against razor advisory
> 	pkgsrc/security/openssh: portable openssh 2.3.0p1
> 	pkgsrc/security/ssh: ssh.com ssh 1.2.27 + patch against razor advisory

Thanks for the clarification.

> 	I've requested a pullup from current to the 1.5 branch.

But that won't help people who are running 1.5 and not tracking the
release branch.

> >If there are no such new features, then pkgsrc openssh should refuse
> >to install on a 1.5 system, and it should give a clear explanation of
> >why, to avoid confusion.
> 
> 	I'm not sure about this.  pkgsrc/security/openssh uses the portable
> 	OpenSSH distribution.  usr.bin/ssh uses the non-portable one (original
> 	from OpenBSD).  I can think of people who want to install the pkgsrc
> 	version for some reason.

...and right now, they can't; it installs, but it fails to run on a
stock 1.5 system.

The thing is, I'm not sure what to do about it.  However, since nobody
else has made any suggestions, here's what I propose:

1.  On the 1.5 (and possibly -current) branch, make login_getclass(3)
    synthesize a "default" entry if /etc/login.conf doesn't exist or
    is empty.  Possibly (on the -current branch) also syslog a warning
    in this case.  Alter the man page to document this behavior.

2.  In pkgsrc, make openssh continue to work if login_getclass(3)
    returns NULL.  Add this as a patch in the patches directory.
    Should this patch get submitted back to the OpenSSH folks?

I'll be happy to do this, but I want to throw this out for public
review beforehand.

Chris

-- 
----------------------------------------------------- chris@cjones.org
Chris Jones                                           Mad scientist at large
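
The failure mode behind proposal step 1 is login_getclass(3) returning NULL on a stock 1.5 box that has no /etc/login.conf, and step 2 is the caller (sshd) surviving that NULL. As an added illustration that is not part of the original message, NetBSD's libutil or OpenSSH, here is a toy getcap-style reader for /etc/login.conf that models the proposed behaviour: a missing or empty file yields a synthesized, empty "default" class instead of NULL, while an unknown class still returns "not found" so callers must keep handling that case. The names (lc_class, read_record, lookup_class, cap_str, write_sample_conf) and the sample config it writes to /tmp are this example's own.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Added example, not NetBSD's libutil or OpenSSH code: a toy getcap-style
 * reader for /etc/login.conf modelling proposal step 1 above.  Where the real
 * login_getclass(3) returns NULL on a stock 1.5 box with no /etc/login.conf,
 * lookup_class() synthesizes an empty "default" class.  All names here are
 * this example's own (hypothetical), as is the sample config written below. */
typedef struct {
    char caps[1024];  /* ':'-separated capability fields after the name(s) */
    int  synthesized; /* 1 when no record existed and "default" was made up */
} lc_class;

/* Read one logical record, joining physical lines that end in '\'.
 * Returns 1 for a record, 0 at EOF, -1 if the record does not fit in buf. */
static int read_record(FILE *fp, char *buf, size_t n)
{
    char line[512], *p;
    size_t len = 0, l;
    buf[0] = '\0';
    while ((p = fgets(line, sizeof line, fp)) != NULL) {
        if (len > 0)                         /* continuation line */
            while (*p == ' ' || *p == '\t') p++;
        l = strlen(p);
        while (l > 0 && p[l-1] == '\n') p[--l] = '\0';
        if (len == 0 && (l == 0 || p[0] == '#')) continue;  /* blank/comment */
        if (len + l >= n) return -1;         /* refuse to truncate silently */
        memcpy(buf + len, p, l + 1);
        len += l;
        if (l > 0 && p[l-1] == '\\') {       /* record continues on next line */
            buf[--len] = '\0';
            continue;
        }
        return 1;
    }
    return len > 0 ? 1 : 0;
}

/* 1 with *out filled when the class is found (or synthesized), 0 when it is
 * unknown (the analogue of login_getclass(3) returning NULL), -1 on error. */
int lookup_class(const char *path, const char *cls, lc_class *out)
{
    char rec[2048], *caps, *nm;
    int nrec = 0, r = 0;
    FILE *fp = fopen(path, "r");
    memset(out, 0, sizeof *out);
    if (fp == NULL && errno != ENOENT) return -1;   /* only "missing" is OK */
    while (fp != NULL && (r = read_record(fp, rec, sizeof rec)) == 1) {
        nrec++;
        if ((caps = strchr(rec, ':')) == NULL) continue;
        *caps++ = '\0';                      /* rec is now "name|alias|..." */
        for (nm = strtok(rec, "|"); nm != NULL; nm = strtok(NULL, "|")) {
            if (strcmp(nm, cls) != 0) continue;
            snprintf(out->caps, sizeof out->caps, "%s", caps);
            fclose(fp);
            return 1;
        }
    }
    if (fp != NULL) fclose(fp);
    if (r < 0) return -1;
    if (nrec == 0 && strcmp(cls, "default") == 0) {  /* proposal step 1 */
        out->synthesized = 1;                /* empty caps: all defaults */
        return 1;
    }
    return 0;                                /* caller must cope, step 2 */
}

/* Find a string capability "cap=value"; returns 1 and copies value if present. */
int cap_str(const lc_class *lc, const char *cap, char *val, size_t n)
{
    const char *p = lc->caps, *end;
    size_t cl = strlen(cap), fl, vl;
    for (;; p = end + 1) {
        end = strchr(p, ':');
        fl = end ? (size_t)(end - p) : strlen(p);
        if (fl > cl + 1 && strncmp(p, cap, cl) == 0 && p[cl] == '=') {
            vl = fl - cl - 1;
            if (vl >= n) vl = n - 1;
            memcpy(val, p + cl + 1, vl);
            val[vl] = '\0';
            return 1;
        }
        if (end == NULL) return 0;
    }
}

/* Constructed sample config, written by the example so it runs stand-alone. */
int write_sample_conf(const char *path)
{
    FILE *fp = fopen(path, "w");
    if (fp == NULL) return -1;
    fputs("# constructed sample login.conf (not a real system file)\n"
          "default:\\\n\t:path=/usr/bin /bin /usr/pkg/bin:\\\n\t:umask=022:\n\n"
          "staff|Staff users:\\\n\t:tc=default:\\\n\t:umask=002:\n", fp);
    return fclose(fp);
}

int main(void)
{
    lc_class lc;
    char val[256];
    const char *conf = "/tmp/login.conf.example";
    if (write_sample_conf(conf) == 0 && lookup_class(conf, "staff", &lc) == 1
        && cap_str(&lc, "umask", val, sizeof val))
        printf("staff: umask=%s\n", val);
    if (lookup_class("/tmp/login.conf.missing", "default", &lc) == 1)
        printf("default: synthesized=%d caps=\"%s\"\n", lc.synthesized, lc.caps);
    return 0;
}
```

Note that synthesizing "default" only covers the no-file and empty-file cases; an explicit request for a class that is not in a non-empty file still comes back as "not found", which is why a caller like sshd has to keep its own NULL handling (step 2) regardless of step 1.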