[gentoo-dev] [RFC v2] News item: OpenSSH 8.2_p1 running sshd breakage

[gentoo-dev] [RFC v2] News item: OpenSSH 8.2_p1 running sshd breakage

[Patrick McLean]

Title: OpenSSH 8.2_p1 running sshd breakage
Author: Patrick McLean <chutzpah@gentoo.org>
Posted: 2020-02-21
Revision: 1
News-Item-Format: 2.0
Display-If-Installed: <net-misc/openssh-8.2

If sshd is running, and a system is upgraded from <net-misc/openssh-8.2_p1
to >=net-misc/openssh-8.2_p1, any new ssh connection will fail until sshd is
restarted.

Before restarting sshd, it is *strongly* recommended that you test your
configuraton with the following command (as root):
    sshd -t

If your system is booted with openrc, use this command  (as root) 
to restart sshd:
    rc-service sshd --nodeps restart

If your system is booted with systemd, use this command (as root)
to restart sshd:
    systemctl restart sshd

If you are using systemd socket activation for sshd, then no action is
required.

WARNING: On systemd booted machines with PAM disabled, this command
         will terminate all currently open ssh connections. It is *strongly*
         recommended that you validate your configuration before restarting
         sshd.

Re: [gentoo-dev] [RFC v2] News item: OpenSSH 8.2_p1 running sshd breakage

[Haelwenn (lanodan) Monnier]

[2020-02-19 13:32:01-0800] Patrick McLean:
> Title: OpenSSH 8.2_p1 running sshd breakage
> Author: Patrick McLean <chutzpah@gentoo.org>
> Posted: 2020-02-21
> Revision: 1
> News-Item-Format: 2.0
> Display-If-Installed: <net-misc/openssh-8.2
> 
> If sshd is running, and a system is upgraded from <net-misc/openssh-8.2_p1
> to >=net-misc/openssh-8.2_p1, any new ssh connection will fail until sshd is
> restarted.
> 
> Before restarting sshd, it is *strongly* recommended that you test your
> configuraton with the following command (as root):
>     sshd -t

Typo: s/configuraton/configuration/

> 
> If your system is booted with openrc, use this command  (as root) 
> to restart sshd:
>     rc-service sshd --nodeps restart
> 
> If your system is booted with systemd, use this command (as root)
> to restart sshd:
>     systemctl restart sshd
> 
> If you are using systemd socket activation for sshd, then no action is
> required.
> 
> WARNING: On systemd booted machines with PAM disabled, this command
>          will terminate all currently open ssh connections. It is *strongly*
>          recommended that you validate your configuration before restarting
>          sshd.
> 

Re: [gentoo-dev] [RFC v2] News item: OpenSSH 8.2_p1 running sshd breakage

[Ulrich Mueller]

>>>>> On Wed, 19 Feb 2020, Patrick McLean wrote:

> If sshd is running, and a system is upgraded from <net-misc/openssh-8.2_p1
> to >=net-misc/openssh-8.2_p1, any new ssh connection will fail until sshd is
> restarted.

The ebuild currently has this warning:
ewarn "After upgrading to openssh-8.2p1 please restart sshd, otherwise you"
ewarn "will not be able to establish new sessions. Restarting sshd over a ssh"
ewarn "connection is generally safe."

Which IMHO is clearer than the introductory paragraph above.
Especially, I would suggest the last sentence to be included in the news
item.

Re: [gentoo-dev] [RFC v2] News item: OpenSSH 8.2_p1 running sshd breakage

[Joonas Niilola]

[-- Attachment #1.1: Type: text/plain, Size: 1628 bytes --]


On 2/19/20 11:32 PM, Patrick McLean wrote:
> Title: OpenSSH 8.2_p1 running sshd breakage
> Author: Patrick McLean <chutzpah@gentoo.org>
> Posted: 2020-02-21
> Revision: 1
> News-Item-Format: 2.0
> Display-If-Installed: <net-misc/openssh-8.2
>
> If sshd is running, and a system is upgraded from <net-misc/openssh-8.2_p1
> to >=net-misc/openssh-8.2_p1, any new ssh connection will fail until sshd is
> restarted.
>
> Before restarting sshd, it is *strongly* recommended that you test your
> configuraton with the following command (as root):
>     sshd -t
>
> If your system is booted with openrc, use this command  (as root) 

double space (inconsistent with similar sentence below)


> to restart sshd:
>     rc-service sshd --nodeps restart
>
> If your system is booted with systemd, use this command (as root)
> to restart sshd:
>     systemctl restart sshd
>
> If you are using systemd socket activation for sshd, then no action is
> required.
>
> WARNING: On systemd booted machines with PAM disabled, this command
>          will terminate all currently open ssh connections. It is *strongly*
>          recommended that you validate your configuration before restarting
>          sshd.
>
This is pretty much just nitpicking, but

https://www.gentoo.org/glep/glep-0042.html#news-item-body

"The text body should be wrapped at 72 characters. No fancy formatting
or tab characters should be used — the news item may be being displayed
directly to a terminal. Paragraphs should be separated by a blank line."

The 72 char limit breaks 4 times.


LGTM.


-- juippis



[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 642 bytes --]