tech-security archive
Re: OpenSSH/OpenSSL patches to stop excessive entropy consumption
On Sun, Mar 04, 2012 at 02:04:45PM +0900, Izumi Tsutsui wrote:
>
> Then isn't it better to ask these changes to upstream first?

I've already started the process of feeding the OpenSSL change back
to OpenSSL. I don't anticipate any problem there.

I am less sanguine about OpenSSH -- after all, the genesis of the
basic issue here is in the strange OpenBSD hack that guts the OpenSSL
RNG. But I cannot really see any problem with less than 50 lines of
local changes; our in-tree OpenSSH is already far more different than
that, and I have not heard any complaints about merge difficulty.

> I'm afraid maintaining 6KB diffs in src/external tree
> would be annoying in future imports.

Really? We have code in src/external that has thousands of lines of
diffs, not just a few tens. I can't say I find this reasoning very
persuasive.

Thor