Subject: Re: security/ssh vs distfiles/vulnerabilities
To: David Maxwell <david@fundy.net>
From: None <itojun@iijlab.net>
List: tech-pkg
Date: 06/14/2001 09:16:02
>Just point me to the thread if I missed a discussion...
>Right now distfiles/vulnerabilities says ssh<1.2.31 is vulnerable.
>The latest version in pkgsrc is 1.2.27nb1, whose patch-ac seems to
>address the issue that the vulnerabilities file points to.
>So... should security/ssh be marked BROKEN, or the entry in
>vulnerabilties be removed, or... something else?
>Currently the package is 'clean', but audit-packages reports it broken.
>That's bad.
basically i would suggest using openssh. should we really mark
security/ssh BROKEN? or move security/ssh to ssh.som ssh 3.x?
itojun