Diffstat (limited to 'debian/patches/gssapi.patch')
-rw-r--r-- | debian/patches/gssapi.patch | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/debian/patches/gssapi.patch b/debian/patches/gssapi.patch index a60a8b4e1..6550ba60b 100644 --- a/debian/patches/gssapi.patch +++ b/debian/patches/gssapi.patch | |||
@@ -1,3 +1,20 @@ | |||
1 | Description: GSSAPI key exchange support | ||
2 | This patch has been rejected upstream: "None of the OpenSSH developers are | ||
3 | in favour of adding this, and this situation has not changed for several | ||
4 | years. This is not a slight on Simon's patch, which is of fine quality, | ||
5 | but just that a) we don't trust GSSAPI implementations that much and b) we | ||
6 | don't like adding new KEX since they are pre-auth attack surface. This one | ||
7 | is particularly scary, since it requires hooks out to typically root-owned | ||
8 | system resources." | ||
9 | . | ||
10 | However, quite a lot of people rely on this in Debian, and it's better to | ||
11 | have it merged into the main openssh package rather than having separate | ||
12 | -krb5 packages (as we used to have). It seems to have a generally good | ||
13 | security history. | ||
14 | Author: Simon Wilkinson <simon@sxw.org.uk> | ||
15 | Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1242 | ||
16 | Last-Updated: 2010-02-27 | ||
17 | |||
1 | Index: b/ChangeLog.gssapi | 18 | Index: b/ChangeLog.gssapi |
2 | =================================================================== | 19 | =================================================================== |
3 | --- /dev/null | 20 | --- /dev/null |
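Review bot: The upstream rejection quoted in the Description (new lines 2-8) has no attribution or link, so a reader cannot tell who said it, when, or whether it is still upstream's position. The Bug: URL on new line 15 may be where the statement was made, but the header does not say so; suggest naming the source next to the quote. Since the quoted text itself calls this key exchange "pre-auth attack surface", the counter-argument "It seems to have a generally good security history" (new lines 12-13) would carry more weight with a pointer to what it is based on, so that later maintainers can re-check the decision to carry the patch.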