1 |
On Sat, Mar 29, 2014 at 11:31 PM, hasufell <hasufell@g.o> wrote: |
2 |
> We have had those debates whether the "+" should follow upstream |
3 |
> decisions and such. Short answer: the maintainer decides. There is no |
4 |
> consistency for this and there will never be. |
5 |
|
6 |
That may be true, I still think it behooves us to be particularly |
7 |
careful about including non-upstream patches on extremely sensitive |
8 |
software such as openssh, so I don't think saying "maintainer decides" |
9 |
is a good enough response to Toralf's questions. |
10 |
|
11 |
On Mon, Mar 31, 2014 at 1:15 AM, Duncan <1i5t5.duncan@×××.net> wrote: |
12 |
> Gentoo has never pretended to be a hand-holding distribution (tho it |
13 |
> seems to be getting rather more so these days); gentooers ignoring that |
14 |
> recommendation... get to keep the pieces. =:^) |
15 |
|
16 |
While I can see where you're coming from, that doesn't mean the Gentoo |
17 |
developers shouldn't provide sensible defaults. If we load up all |
18 |
Gentoo systems with an insecure OpenSSH by default, saying "ah, you |
19 |
should have fixed the configuration" is just a cop-out. |
20 |
|
21 |
So, I'm interested... How widely used is the HPN patch set? Are there |
22 |
any good indications that it doesn't negatively impact security? |
23 |
|
24 |
Cheers, |
25 |
|
26 |
Dirkjan |