| 1 |
On Sat, Mar 29, 2014 at 11:31 PM, hasufell <hasufell@g.o> wrote: |
| 2 |
> We have had those debates whether the "+" should follow upstream |
| 3 |
> decisions and such. Short answer: the maintainer decides. There is no |
| 4 |
> consistency for this and there will never be. |
| 5 |
|
| 6 |
That may be true, I still think it behooves us to be particularly |
| 7 |
careful about including non-upstream patches on extremely sensitive |
| 8 |
software such as openssh, so I don't think saying "maintainer decides" |
| 9 |
is a good enough response to Toralf's questions. |
| 10 |
|
| 11 |
On Mon, Mar 31, 2014 at 1:15 AM, Duncan <1i5t5.duncan@×××.net> wrote: |
| 12 |
> Gentoo has never pretended to be a hand-holding distribution (tho it |
| 13 |
> seems to be getting rather more so these days); gentooers ignoring that |
| 14 |
> recommendation... get to keep the pieces. =:^) |
| 15 |
|
| 16 |
While I can see where you're coming from, that doesn't mean the Gentoo |
| 17 |
developers shouldn't provide sensible defaults. If we load up all |
| 18 |
Gentoo systems with an insecure OpenSSH by default, saying "ah, you |
| 19 |
should have fixed the configuration" is just a cop-out. |
| 20 |
|
| 21 |
So, I'm interested... How widely used is the HPN patch set? Are there |
| 22 |
any good indications that it doesn't negatively impact security? |
| 23 |
|
| 24 |
Cheers, |
| 25 |
|
| 26 |
Dirkjan |
Archives