https://bugzilla.novell.com/show_bug.cgi?id=412441 User meissner@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=412441#c1 Marcus Meissner changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Partner ID| |fate 301999 Resolution| |FEATURE --- Comment #1 from Marcus Meissner 2008-07-28 00:40:53 MDT --- Well, the patch is way too large to be added. It also changes buffer handling and cryptography handling, both very security sensitive areas. (I do not need to point to the problem with Debian and its openssl modification.) But let me just list this part where I see problems: switch (c->number) { + case SSH_CIPHER_NONE: And no comment why. So why would it be acceptable to have the None Cipher available again? So: I suggest that the HPN guys work with the upstream OpenSSH project to get it included. This might be hard, but in the end worth it. Btw Redhat/Fedora does not seem to include it (checked SRPM), neither seems Debian (checked on google). But thank you for bringing this to our attention! -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=412441 User pgnet.trash+F@gmail.com added comment https://bugzilla.novell.com/show_bug.cgi?id=412441#c3 pgnet _ changed: What |Removed |Added ---------------------------------------------------------------------------- Status|REOPENED |RESOLVED Resolution| |FEATURE --- Comment #3 from pgnet _ 2008-07-28 07:32:31 MDT --- _ -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=412441 User meissner@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=412441#c5 Marcus Meissner changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |security-team@suse.de AssignedTo|security-team@suse.de |anicka@novell.com Status|REOPENED |NEW --- Comment #5 from Marcus Meissner 2008-07-28 08:51:59 MDT --- Anicka, can you query upstream why they did not add it? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=412441 User pgnet.trash+F@gmail.com added comment https://bugzilla.novell.com/show_bug.cgi?id=412441#c7 --- Comment #7 from pgnet _ 2008-07-28 09:15:47 MDT --- (In reply to comment #6 from Anna Bernathova)

it looks that upstream simply does not have resources to review that huge patch and a will to maintain it

If that's, in fact, the case, then your reticence is well-placed. An alternative that might be considered -- assuming that you deem it valuable to your customers & worth the effort/risk -- is for Novell/SuSE to proactively 'introduce' the HPN author/team to the *Suse build system. In that way (a) a cross-distro solution might be more easily built/maintained (b) collaboration for ongoing maintenance might be better organized (c) Novell/Suse could be seen as facilitating/mmarketing the performance solution. I agree that an un-maintained solution is a poor option. Thanks for your comments. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.