https://bugzilla.novell.com/show_bug.cgi?id=393186
User anicka@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=393186#c47
--- Comment #47 from Anna Bernathova 2008-08-18 07:23:34 MDT ---
Backporting is quite easy (I have ported it for sles8 successfully), forward
porting should be also. The amount of code is huge for a single patch, but
actual changes in ssh are little, the patch seems to be well maintainable
across various releases of openssh.
But in fact, personally I have quite a strong opinion against adding this patch
into our distribution. It is good work, possibly the best that can be done,
but it does not mean that the outcome will be also good. The patch will neither
filter all leaked keys (it is not possible - imagine a key generated with an
old Debian distribution, used on a fresh installation, leaked during use due to
a weak random generator) nor avoid all the false positives (and imagine our
scared customers and consecutive work with all the L3). And I am not feeling
like "fixing" the code that in principle cannot be fixed. (Not mentioning all
the possible well hidden security bugs staying undiscovered because the code is
not upstream - the patch is really huge, so I believe there might be some.)
And all of this for no big deal - the problem is pretty well known and most
of the people know that they could be affected and take their measures
accordingly. The "obscure" cases we cannot track anyway (like the one I
mentioned above). How many genuinely weak keys will be left for us to discover?
But this is just my opinion, maybe I have missed some consequences ;-)