[gentoo-dev] Re: Openssl 0.9.6c on sparc

[gentoo-dev] Re: Openssl 0.9.6c on sparc

[murphy]

Hi,

It seems you have removed one of the older openssh ebuild which was being 
used in sparc gentoo. 

Can I ask you to please put it back and not delete older versions so 
readily? Other ports depend on other versions of SSH, depending on which 
one actually works :).

thanks a lot!
maarten

On Thu, 4 Jul 2002, Donny Davies wrote:

> >FYI this is the bug: http://bugs.gentoo.org/show_bug.cgi?id=3765
> >
> >I'm just asking to make sure you don't remove the older ebuild :).
> 
> Okay, I won't remove the older openssl ebuild ;-)  Not that I was
> planning to but I appreciate the heads up.
> 
> Cheers
> 	Donny
> 

Re: [gentoo-dev] Re: Openssl 0.9.6c on sparc

[Brandon Low]

Hey SPARC folks,

That deletion was due to the fact that there are known security holes 
in all versions of ssh prior to 3.4, I discussed with several older wiser 
devs before removing, if you need it back, use cvs to restore it, but 
keeping things with known security holes in the portage tree doesn't seem 
like good policy to me :-(  Sorry for the inconvenience.

--Brandon

On Fri, 07/05/02 at 12:32:15 +0200, murphy@gentoo.org wrote:
> Hi,
> 
> It seems you have removed one of the older openssh ebuild which was being 
> used in sparc gentoo. 
> 
> Can I ask you to please put it back and not delete older versions so 
> readily? Other ports depend on other versions of SSH, depending on which 
> one actually works :).
> 
> thanks a lot!
> maarten
> 
> On Thu, 4 Jul 2002, Donny Davies wrote:
> 
> > >FYI this is the bug: http://bugs.gentoo.org/show_bug.cgi?id=3765
> > >
> > >I'm just asking to make sure you don't remove the older ebuild :).
> > 
> > Okay, I won't remove the older openssl ebuild ;-)  Not that I was
> > planning to but I appreciate the heads up.
> > 
> > Cheers
> > 	Donny
> > 
> 
> _______________________________________________
> gentoo-dev mailing list
> gentoo-dev@gentoo.org
> http://lists.gentoo.org/mailman/listinfo/gentoo-dev

Re: [gentoo-dev] Re: Openssl 0.9.6c on sparc

[murphy]

Hi,

> That deletion was due to the fact that there are known security holes
> in all versions of ssh prior to 3.4, I discussed with several older wiser 

This is in SSH not SSL right? So can we change the ebuild to use openssl 
0.9.6c instead of 0.9.6d for Sparc?

> devs before removing, if you need it back, use cvs to restore it, but 
> keeping things with known security holes in the portage tree doesn't seem 
> like good policy to me :-(  Sorry for the inconvenience.

In general, please don't delete any ebuilds unless you're sure they're not 
being used by any platform. There is no need to physically delete an 
ebuild to make people upgrade... Portage takes care of this already. Can 
you just mask it out in the future?

thanks!
maarten

Re: [gentoo-dev] Re: Openssl 0.9.6c on sparc

[Ferry Meyndert]

I dont agree with that. I think software that has a serious problem
shouldn't be kept in portage masked or not.

Ferry (M0rpheus)
----- Original Message -----
From: <murphy@gentoo.org>
To: "Brandon Low" <lostlogic@gentoo.org>
Cc: "Donny Davies" <woodchip@gentoo.org>; <gentoo-dev@gentoo.org>;
<gentoo-sparc@gentoo.org>
Sent: Friday, July 05, 2002 6:10 PM
Subject: Re: [gentoo-dev] Re: Openssl 0.9.6c on sparc


> Hi,
>
> > That deletion was due to the fact that there are known security holes
> > in all versions of ssh prior to 3.4, I discussed with several older
wiser
>
> This is in SSH not SSL right? So can we change the ebuild to use openssl
> 0.9.6c instead of 0.9.6d for Sparc?
>
> > devs before removing, if you need it back, use cvs to restore it, but
> > keeping things with known security holes in the portage tree doesn't
seem
> > like good policy to me :-(  Sorry for the inconvenience.
>
> In general, please don't delete any ebuilds unless you're sure they're not
> being used by any platform. There is no need to physically delete an
> ebuild to make people upgrade... Portage takes care of this already. Can
> you just mask it out in the future?
>
> thanks!
> maarten
>
> _______________________________________________
> gentoo-dev mailing list
> gentoo-dev@gentoo.org
> http://lists.gentoo.org/mailman/listinfo/gentoo-dev
>

Re: [gentoo-dev] Re: Openssl 0.9.6c on sparc

[Brandon Low]

[-- Attachment #1: Type: text/plain, Size: 1244 bytes --]

Yeah, if it works with 0.9.6c, I do not know of specific hacks against 
openssl-0.9.6c at this time so that should be fine... I wonder why that 
dep is set specifically... I'll investigate later.

--Brandon

On Fri, 07/05/02 at 18:10:53 +0200, murphy@gentoo.org wrote:
> Hi,
> 
> > That deletion was due to the fact that there are known security holes
> > in all versions of ssh prior to 3.4, I discussed with several older wiser 
> 
> This is in SSH not SSL right? So can we change the ebuild to use openssl 
> 0.9.6c instead of 0.9.6d for Sparc?
> 
> > devs before removing, if you need it back, use cvs to restore it, but 
> > keeping things with known security holes in the portage tree doesn't seem 
> > like good policy to me :-(  Sorry for the inconvenience.
> 
> In general, please don't delete any ebuilds unless you're sure they're not 
> being used by any platform. There is no need to physically delete an 
> ebuild to make people upgrade... Portage takes care of this already. Can 
> you just mask it out in the future?
> 
> thanks!
> maarten
> 
> _______________________________________________
> gentoo-dev mailing list
> gentoo-dev@gentoo.org
> http://lists.gentoo.org/mailman/listinfo/gentoo-dev

[-- Attachment #2: Type: application/pgp-signature, Size: 232 bytes --]