http://bugzilla.novell.com/show_bug.cgi?id=560903 http://bugzilla.novell.com/show_bug.cgi?id=560903#c7 Anna Bernathova <anicka@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |anicka@novell.com Info Provider|anicka@novell.com |meissner@novell.com --- Comment #7 from Anna Bernathova <anicka@novell.com> 2009-12-09 13:58:17 UTC --- Well, compiling sshd like we are doing it now is a little more secure: If you compile it, you can be quite sure that only right copies of external binaries (they are used ie. for colection of entropy and some more things) are chosen for using. Adding /usr/local/bin is not likely to do any harm for our builds. But our users could more easily unintentionally rebuild the package with wrong binaries and make their system insecure. I do not know whether it is a problem for us or not, it is a matter of policy. So maybe we should ask what does security team think about it. Marcus? -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.