Re: OpenSSH/OpenSSL patches to stop excessive entropy consumption

To: Izumi Tsutsui <tsutsui%ceres.dti.ne.jp@localhost>
Subject: Re: OpenSSH/OpenSSL patches to stop excessive entropy consumption
From: Thor Lancelot Simon <tls%panix.com@localhost>
Date: Sun, 4 Mar 2012 00:11:11 -0500

On Sun, Mar 04, 2012 at 02:04:45PM +0900, Izumi Tsutsui wrote:
> 
> Then isn't it better to ask these changes to upstream first?

I've already started the process of feeding the OpenSSL change back
to OpenSSL.  I don't anticipate any problem there.

I am less sanguine about OpenSSH -- after all, the genesis of the
basic issue here is in the strange OpenBSD hack that guts the OpenSSL
RNG.  But I cannot really see any problem with less than 50 lines of
local changes; our in-tree OpenSSH is already far more different than
that, and I have not heard any complants about merge difficulty.

> I'm afraid maintaining 6KB diffs in src/external tree
> would be annoying in future imports.

Really?  We have code in src/external that has thousands of lines of
diffs, not just a few tens.  I can't see I find this reasoning very
persuasive.

Thor

References:
- Re: OpenSSH/OpenSSL patches to stop excessive entropy consumption
  - From: Thor Lancelot Simon
- Re: OpenSSH/OpenSSL patches to stop excessive entropy consumption
  - From: Izumi Tsutsui

Prev by Date: Re: OpenSSH/OpenSSL patches to stop excessive entropy consumption
Next by Date: re: OpenSSH/OpenSSL patches to stop excessive entropy consumption
Previous by Thread: Re: OpenSSH/OpenSSL patches to stop excessive entropy consumption
Next by Thread: re: OpenSSH/OpenSSL patches to stop excessive entropy consumption
Indexes:

Home | Main Index | Thread Index | Old Index