* [gentoo-dev] Why is IUSE=hpn mandatory in openssh ?
From: Toralf Förster @ 2014-03-29 10:07 UTC
To: gentoo-dev

WRT to but 504616 I'd like to address my questions made in
https://bugs.gentoo.org/show_bug.cgi?id=504616#c6 to this list again :

"Since the Debian debakel with "fixing" an uninitialized memeory I'm very skeptical to distribution specific corrections which are not included upstream. At least I'm wondering if the USE flag hpn should be enabled by the user explicitely - currently it is in IUSE already."

-- 
MfG/Sincerely
Toralf Förster
pgp finger print:1A37 6F99 4A9D 026F 13E2 4DCF C4EA CDDE 0076 E94E

* Re: [gentoo-dev] Why is IUSE=hpn mandatory in openssh ?
From: Alex Xu @ 2014-03-29 11:15 UTC
To: gentoo-dev

On 29/03/14 06:07 AM, Toralf Förster wrote:
> WRT to but 504616 I'd like to address my questions made in https://bugs.gentoo.org/show_bug.cgi?id=504616#c6 to this list again :
>
> "Since the Debian debakel with "fixing" an uninitialized memeory I'm very skeptical to distribution specific corrections which are not included upstream. At least I'm wondering if the USE flag hpn should be enabled by the user explicitely - currently it is in IUSE already."
>

1. Please use a spelling checker.

2. IUSE doesn't mean what you think it means.

http://devmanual.gentoo.org/quickstart/#ebuild-with-use-flags

* Re: [gentoo-dev] Why is IUSE=hpn mandatory in openssh ?
From: Tom Wijsman @ 2014-03-29 19:12 UTC
To: gentoo-dev

On Sat, 29 Mar 2014 07:15:14 -0400
Alex Xu <alex_y_xu@yahoo.ca> wrote:

> On 29/03/14 06:07 AM, Toralf Förster wrote:
> > WRT to but 504616 I'd like to address my questions made in
> > https://bugs.gentoo.org/show_bug.cgi?id=504616#c6 to this list
> > again :
> >
> > "Since the Debian debakel with "fixing" an uninitialized
> > memeory I'm very skeptical to distribution specific corrections
> > which are not included upstream. At least I'm wondering if the USE
> > flag hpn should be enabled by the user explicitely - currently it
> > is in IUSE already."
>
> 1. Please use a spelling checker.
>
> 2. IUSE doesn't mean what you think it means.
>
> http://devmanual.gentoo.org/quickstart/#ebuild-with-use-flags

Toralf wants to indicate that it is implicitly enabled by default (by
the '+' character); and thus, he would like to see it become disabled
by default, such that the user can explicitly enable it.

-- 
With kind regards,

Tom Wijsman (TomWij)
Gentoo Developer

E-mail address  : TomWij@gentoo.org
GPG Public Key  : 6D34E57D
GPG Fingerprint : C165 AF18 AB4C 400B C3D2 ABF0 95B2 1FCD 6D34 E57D

* Re: [gentoo-dev] Why is IUSE=hpn mandatory in openssh ?
From: Toralf Förster @ 2014-03-29 22:16 UTC
To: gentoo-dev

On 03/29/2014 08:12 PM, Tom Wijsman wrote:
> On Sat, 29 Mar 2014 07:15:14 -0400 Alex Xu <alex_y_xu@yahoo.ca>
> wrote:
>
>> On 29/03/14 06:07 AM, Toralf Förster wrote:
>>> WRT to but 504616 I'd like to address my questions made in
>>> https://bugs.gentoo.org/show_bug.cgi?id=504616#c6 to this list
>>> again :
>>>
>>> "Since the Debian debakel with "fixing" an uninitialized
>>> memeory I'm very skeptical to distribution specific
>>> corrections which are not included upstream. At least I'm
>>> wondering if the USE flag hpn should be enabled by the user
>>> explicitely - currently it is in IUSE already."
>>
>> 1. Please use a spelling checker.
>>
>> 2. IUSE doesn't mean what you think it means.
>>
>> http://devmanual.gentoo.org/quickstart/#ebuild-with-use-flags
>
> Toralf wants to indicate that it is implicitly enabled by default
> (by the '+' character); and thus, he would like to see it become
> disabled by default, such that the user can explicitly enable it.
>

Yes - that's what I want.

At least an einfo should be added to the package IMO telling the user that HPN is enabled by default.

-- 
MfG/Sincerely
Toralf Förster
pgp finger print:1A37 6F99 4A9D 026F 13E2 4DCF C4EA CDDE 0076 E94E

* Re: [gentoo-dev] Why is IUSE=hpn mandatory in openssh ?
From: hasufell @ 2014-03-29 22:31 UTC
To: gentoo-dev

Toralf Förster:
> On 03/29/2014 08:12 PM, Tom Wijsman wrote:
>> On Sat, 29 Mar 2014 07:15:14 -0400 Alex Xu <alex_y_xu@yahoo.ca>
>> wrote:
>
>>> On 29/03/14 06:07 AM, Toralf Förster wrote:
>>>> WRT to but 504616 I'd like to address my questions made in
>>>> https://bugs.gentoo.org/show_bug.cgi?id=504616#c6 to this
>>>> list again :
>>>>
>>>> "Since the Debian debakel with "fixing" an uninitialized
>>>> memeory I'm very skeptical to distribution specific
>>>> corrections which are not included upstream. At least I'm
>>>> wondering if the USE flag hpn should be enabled by the user
>>>> explicitely - currently it is in IUSE already."
>>>
>>> 1. Please use a spelling checker.
>>>
>>> 2. IUSE doesn't mean what you think it means.
>>>
>>> http://devmanual.gentoo.org/quickstart/#ebuild-with-use-flags
>
>> Toralf wants to indicate that it is implicitly enabled by
>> default (by the '+' character); and thus, he would like to see it
>> become disabled by default, such that the user can explicitly
>> enable it.
>
> Yes - that's what I want.

We have had those debates whether the "+" should follow upstream decisions and such. Short answer: the maintainer decides. There is no consistency for this and there will never be.

>
> At least an einfo should be added to the package IMO telling the
> user that HPN is enabled by default.
>

No, that's not the right approach. There are tools you can use to check what flags are enabled. Use 'eix' and 'equery' for example.

* [gentoo-dev] Re: Why is IUSE=hpn mandatory in openssh ?
From: Duncan @ 2014-03-30 23:15 UTC
To: gentoo-dev

hasufell posted on Sat, 29 Mar 2014 22:31:46 +0000 as excerpted:

>> At least an einfo should be added to the package IMO telling the user
>> that HPN is enabled by default.
>>
> No, that's not the right approach. There are tools you can use to check
> what flags are enabled. Use 'eix' and 'equery' for example.

... Or even the gentoo-recommended emerge --pretend or emerge --ask and actually examining the output to ensure it's doing what you intend, before actually going ahead.

Gentoo has never pretended to be a hand-holding distribution (tho it seems to be getting rather more so these days); gentooers ignoring that recommendation... get to keep the pieces. =:^)

If a gentooer didn't care enough to bother following long established best-practice recommendations and thus end up with what might be an insecure ssh despite the tools and recommendations available to help them make an appropriate choice, that's their problem, not gentoo's. If they can't be bothered to care, there's other distributions around to do that baby-sitting for them.

(Of course, whether such distributions are themselves simply acting in accord with the wishes of NSA nannies is an entirely different question... at least gentoo generally exposes that sort of choice to the user... as it is in fact doing here, as well.)

-- 
Duncan - List replies preferred. No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master." Richard Stallman

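Added example (not part of the thread, and not Gentoo's or the openssh ebuild's own code): the '+' default discussed above is declared in the ebuild's IUSE variable, so the flags a package switches on by default can be listed straight from the ebuild text, and a package.use entry can turn one off. The ebuild fragment is constructed for illustration, and `iuse_tokens`, `default_on_flags` and `package_use_line` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: audit '+' (default-on) USE flags declared in an ebuild's IUSE.

# Constructed ebuild fragment; only the "hpn" flag name comes from the thread.
sample_ebuild() {
    cat <<'EOF'
EAPI=5
DESCRIPTION="constructed sample, not the real openssh ebuild"
IUSE="bindist +hpn kerberos ldap pam
    +pie static X"
IUSE+=" -legacy"
EOF
}

# Print every IUSE token (one per line) from ebuild text on stdin.
# Handles IUSE= and IUSE+= assignments, including values that span lines.
# Limitation: variable references such as ${FOO} are printed unexpanded.
iuse_tokens() {
    awk '
        /^[ \t]*IUSE[+]?=/ {
            in_iuse = 1; nquote = 0
            sub(/^[^=]*=/, "")
            if ($0 !~ /"/) nquote = 2      # unquoted value: single line only
        }
        in_iuse {
            line = $0
            nquote += gsub(/"/, "", line)  # count and drop the quotes
            n = split(line, tok, /[ \t]+/)
            for (i = 1; i <= n; i++) if (tok[i] != "") print tok[i]
            if (nquote >= 2) in_iuse = 0   # closing quote seen
        }
    '
}

# Flags the ebuild enables by default: IUSE tokens carrying a '+' prefix.
default_on_flags() {
    iuse_tokens | sed -n 's/^+//p' | sort -u
}

# Build a package.use line that disables the given flags for one package,
# e.g. for a file under /etc/portage/package.use.
# $1 = package atom, remaining arguments = flags to turn off.
package_use_line() {
    atom=$1
    shift
    line=$atom
    for flag in "$@"; do
        line="$line -$flag"
    done
    printf '%s\n' "$line"
}

# Demo on the constructed fragment.
sample_ebuild | default_on_flags
package_use_line net-misc/openssh hpn
```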
* Re: [gentoo-dev] Why is IUSE=hpn mandatory in openssh ?
From: Dirkjan Ochtman @ 2014-03-31 7:36 UTC
To: Gentoo Development

On Sat, Mar 29, 2014 at 11:31 PM, hasufell <hasufell@gentoo.org> wrote:
> We have had those debates whether the "+" should follow upstream
> decisions and such. Short answer: the maintainer decides. There is no
> consistency for this and there will never be.

That may be true, I still think it behooves us to be particularly careful about including non-upstream patches on extremely sensitive software such as openssh, so I don't think saying "maintainer decides" is a good enough response to Toralf's questions.

On Mon, Mar 31, 2014 at 1:15 AM, Duncan <1i5t5.duncan@cox.net> wrote:
> Gentoo has never pretended to be a hand-holding distribution (tho it
> seems to be getting rather more so these days); gentooers ignoring that
> recommendation... get to keep the pieces. =:^)

While I can see where you're coming from, that doesn't mean the Gentoo developers shouldn't provide sensible defaults. If we load up all Gentoo systems with an insecure OpenSSH by default, saying "ah, you should have fixed the configuration" is just a cop-out.

So, I'm interested... How widely used is the HPN patch set? Are there any good indications that it doesn't negatively impact security?

Cheers,

Dirkjan

* Re: [gentoo-dev] Why is IUSE=hpn mandatory in openssh ?
From: Alex Xu @ 2014-03-31 11:15 UTC
To: gentoo-dev

On 31/03/14 03:36 AM, Dirkjan Ochtman wrote:
> So, I'm interested... How widely used is the HPN patch set? Are there
> any good indications that it doesn't negatively impact security?

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=292932
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693424

https://lists.fedoraproject.org/pipermail/devel/2007-July/105570.html

https://aur.archlinux.org/packages/openssh-hpn/

https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/162253

* Re: [gentoo-dev] Why is IUSE=hpn mandatory in openssh ?
From: Toralf Förster @ 2014-03-31 17:35 UTC
To: gentoo-dev

On 03/31/2014 01:15 PM, Alex Xu wrote:
> On 31/03/14 03:36 AM, Dirkjan Ochtman wrote:
>> So, I'm interested... How widely used is the HPN patch set? Are there
>> any good indications that it doesn't negatively impact security?
>
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=292932
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693424
>
> https://lists.fedoraproject.org/pipermail/devel/2007-July/105570.html
>
> https://aur.archlinux.org/packages/openssh-hpn/
>
> https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/162253
>

Those bug reports are good arguments to have HPN as a feature in openssh.

And most of them now many years old and still open.

That's an argument to rethink if HPN should be activated quietly.

-- 
MfG/Sincerely
Toralf Förster
pgp finger print:1A37 6F99 4A9D 026F 13E2 4DCF C4EA CDDE 0076 E94E

* Re: [gentoo-dev] Why is IUSE=hpn mandatory in openssh ?
From: Marcin Mirosław @ 2014-04-08 18:34 UTC
To: gentoo-dev

On 2014-03-31 19:35, Toralf Förster wrote:
> On 03/31/2014 01:15 PM, Alex Xu wrote:
>> On 31/03/14 03:36 AM, Dirkjan Ochtman wrote:
>>> So, I'm interested... How widely used is the HPN patch set? Are there
>>> any good indications that it doesn't negatively impact security?
>
>> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=292932
>> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693424
>
>> https://lists.fedoraproject.org/pipermail/devel/2007-July/105570.html
>
>> https://aur.archlinux.org/packages/openssh-hpn/
>
>> https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/162253
>
>
> Those bug reports are good arguments to have HPN as a feature in openssh.
>
> And most of them now many years old and still open.
>
> That's an argument to rethink if HPN should be activated quietly.

According to last problem with openssl and +tls-heartbeat I'd like to see less features enabled by default. USE="-*" isn't the best solution;)

Marcin

* Re: [gentoo-dev] Why is IUSE=hpn mandatory in openssh ?
From: Mike Gilbert @ 2014-04-08 18:40 UTC
To: Gentoo Dev

On Tue, Apr 8, 2014 at 2:34 PM, Marcin Mirosław <marcin@mejor.pl> wrote:
> According to last problem with openssl and +tls-heartbeat I'd like to
> see less features enabled by default. USE="-*" isn't the best solution;)
>

A bug in an upstream-supported feature is quite different from a patched-in feature that upstream doesn't support.

* Re: [gentoo-dev] Why is IUSE=hpn mandatory in openssh ?
From: Rick "Zero_Chaos" Farina @ 2014-04-09 3:03 UTC
To: gentoo-dev

On 04/08/2014 02:40 PM, Mike Gilbert wrote:

Gentoo typically tries to keep patching to a minimum in general. To be enabling something like this by default seems bad, the fact that it is openssh compounds that. +1 for removing the + and leaving this optional (default off).

I see no reason to not allow users who want the feature to have it, but let's not pretend that openssh is not important enough to have a little special treatment. Openssh has a fantastic security record, let's see if we can keep it that way by default.

-Zero

* Re: [gentoo-dev] Why is IUSE=hpn mandatory in openssh ?
From: Rich Freeman @ 2014-04-09 14:54 UTC
To: gentoo-dev

On Tue, Apr 8, 2014 at 11:03 PM, Rick "Zero_Chaos" Farina <zerochaos@gentoo.org> wrote:
> Gentoo typically tries to keep patching to a minimum in general. To be
> enabling something like this by default seems bad, the fact that it is
> openssh compounds that. +1 for removing the + and leaving this optional
> (default off).

In general I agree with this approach. I think hpn is a bit more of a judgment call as it appears to be fairly mainstream and well-supported. I don't understand why it wasn't merged in, and perhaps the answer to that question might be informative.

Still, big patch sets that aren't upstreamed should probably not be the default. Patches needed to integrate a package into Gentoo as a whole should of course be the default, since that is our whole reason for being.

Rich

* Re: [gentoo-dev] Why is IUSE=hpn mandatory in openssh ?
From: Joshua Kinard @ 2014-04-09 23:15 UTC
To: gentoo-dev

On 04/09/2014 10:54, Rich Freeman wrote:
> On Tue, Apr 8, 2014 at 11:03 PM, Rick "Zero_Chaos" Farina
> <zerochaos@gentoo.org> wrote:
>> Gentoo typically tries to keep patching to a minimum in general. To be
>> enabling something like this by default seems bad, the fact that it is
>> openssh compounds that. +1 for removing the + and leaving this optional
>> (default off).
>
> In general I agree with this approach. I think hpn is a bit more of a
> judgment call as it appears to be fairly mainstream and
> well-supported. I don't understand why it wasn't merged in, and
> perhaps the answer to that question might be informative.
>
> Still, big patch sets that aren't upstreamed should probably not be
> the default. Patches needed to integrate a package into Gentoo as a
> whole should of course be the default, since that is our whole reason
> for being.

Part of me thinks it's a time availability issue. OpenSSH is, effectively, a sub-project of OpenBSD, and I believe they focus primarily on making it work on OBSD, followed by the portable releases to other OSes.

I myself am testing an updated patch to enable SSH over SCTP that's been sitting in their bug queue[1] for a good while. Working good so far on Linux/amd64, Linux/mips, and FreeBSD/amd64[VM], so I was thinking of adding it to our ebuild via the 'sctp' USE, defaulted to off.

That said, I searched the OpenSSH bugzilla for "hpn" and "high performance", and nothing comes back, so it appears that the HPN patch has not been put into their bugzilla. Hence, it's probably not on the priority list for inclusion.

This link explains HPN support better:
http://www.psc.edu/index.php/hpn-ssh/640

The question at the bottom of that FAQ indicates that the HPN upstream has provided the patch to the OpenSSH devs, but they really should create a bug for it and attach their patch there.

Refs:
1. https://bugzilla.mindrot.org/show_bug.cgi?id=2016

-- 
Joshua Kinard
Gentoo/MIPS
kumba@gentoo.org
4096R/D25D95E3 2011-03-28

"The past tempts us, the present confuses us, the future frightens us. And our lives slip away, moment by moment, lost in that vast, terrible in-between."

--Emperor Turhan, Centauri Republic

* Re: [gentoo-dev] Why is IUSE=hpn mandatory in openssh ?
From: Kristian Fiskerstrand @ 2014-04-09 15:27 UTC
To: gentoo-dev

On 04/09/2014 05:03 AM, Rick "Zero_Chaos" Farina wrote:
> On 04/08/2014 02:40 PM, Mike Gilbert wrote:
>
> Gentoo typically tries to keep patching to a minimum in general.
> To be enabling something like this by default seems bad, the fact
> that it is openssh compounds that. +1 for removing the + and
> leaving this optional (default off).

Just to pitch in that as a user I'm in favor of this approach as well.

-- 
----------------------------
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Public PGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
----------------------------
Vincit qui se vincit
He who conquers conquers self

* Re: [gentoo-dev] Why is IUSE=hpn mandatory in openssh ?
From: Dirkjan Ochtman @ 2014-04-09 8:00 UTC
To: Gentoo Development

On Tue, Apr 8, 2014 at 8:40 PM, Mike Gilbert <floppym@gentoo.org> wrote:
> A bug in an upstream-supported feature is quite different from a
> patched-in feature that upstream doesn't support.

Since no maintainer has spoken up here, I filed a bug:

https://bugs.gentoo.org/show_bug.cgi?id=507210

I filed a similar bug about openssl[tls-heartbeat] yesterday:

https://bugs.gentoo.org/show_bug.cgi?id=507130

Cheers,

Dirkjan