Subject: Re: openssh and login_cap(3)
To: Chris Jones <chris@cjones.org>
From: None <itojun@iijlab.net>
List: tech-security
Date: 02/15/2001 01:58:51
>> 	openssh shipped with 1.5 (/usr/sbin/sshd) has the fix to
>> 	http://razor.bindview.com/publish/advisories/adv_ssh1crc.html.
>> 	the version number seems to be older than the advisory, but
>> 	the fix is there.
>Excellent.  But our users don't know that, because we haven't made any
>announcement (unless I missed it).

	we are working on it.  sorry for delays, please hold.

>If there are new features (or especially bug fixes) in pkgsrc openssh
>(2.3) that aren't in 1.5's openssh (2.2), then we should make sure
>that pkgsrc openssh can install on a 1.5 system.

	(i think i have written a similar item a couple of times)
	current situation is like this:

	current: 2.3.2 as of 2/14
	1.5: 2.2.0 with patch against razor advisory
	pkgsrc/security/openssh: portable openssh 2.3.0p1
	pkgsrc/security/ssh: ssh.com ssh 1.2.27 + patch against razor advisory

	i've requested a pullup from current to 1.5 branch.

>If there are no such new features, then pkgsrc openssh should refuse
>to install on a 1.5 system, and it should give a clear explanation of
>why, to avoid confusion.

	i'm not sure about this.  pkgsrc/security/openssh uses portable openssh
	distribution.  usr.bin/ssh uses non-portable (original from openbsd).
	i can think of people who want to install pkgsrc version for some
	reason.

itojun