Subject: Re: openssh and login_cap(3)
To: Frederick Bruckman <fb@enteract.com>
From: Chris Jones <chris@cjones.org>
List: tech-security
Date: 02/14/2001 10:36:34

Frederick Bruckman <fb@enteract.com> writes:

> On 14 Feb 2001, Chris Jones wrote:
> 
> > If there are new features (or especially bug fixes) in pkgsrc openssh
> > (2.3) that aren't in 1.5's openssh (2.2), then we should make sure
> > that pkgsrc openssh can install on a 1.5 system.
> 
> You should not install pkgsrc openssh on a 1.5 system, especially for
> a security fix. The binary package installs to /usr/pkg, which leaves
> the old, bad /usr/bin/ssh and /usr/sbin/sshd still in place, waiting
> to trap the unwary user.

Okay, but what if pkgsrc openssh interoperates better than the stock
1.5 openssh?  (From reading the ChangeLog, this appears to be true.)
Wouldn't it be nice to be able to install the more friendly version
from pkgsrc with a minimum of hassle?

Another question:  Given this, why is openssh in pkgsrc in the first
place?  We have it in 1.5, and we have it in -current.  If the
expected upgrade path is to update NetBSD sources and recompile, then
we aren't expecting users of 1.5 or later systems to ever use this
package.  Shouldn't it be disabled or removed?

Chris

-- 
----------------------------------------------------- chris@cjones.org
Chris Jones                                           Mad scientist at large