From: Dirkjan Ochtman
Date: Mon, 31 Mar 2014 09:36:54 +0200
Subject: Re: [gentoo-dev] Why is IUSE=hpn mandatory in openssh ?
To: Gentoo Development

On Sat, Mar 29, 2014 at 11:31 PM, hasufell wrote:
> We have had those debates whether the "+" should follow upstream
> decisions and such. Short answer: the maintainer decides. There is no
> consistency for this and there will never be.

That may be true, I still think it behooves us to be particularly careful about including non-upstream patches on extremely sensitive software such as openssh, so I don't think saying "maintainer decides" is a good enough response to Toralf's questions.

On Mon, Mar 31, 2014 at 1:15 AM, Duncan <1i5t5.duncan@cox.net> wrote:
> Gentoo has never pretended to be a hand-holding distribution (tho it
> seems to be getting rather more so these days); gentooers ignoring that
> recommendation... get to keep the pieces. =:^)

While I can see where you're coming from, that doesn't mean the Gentoo developers shouldn't provide sensible defaults. If we load up all Gentoo systems with an insecure OpenSSH by default, saying "ah, you should have fixed the configuration" is just a cop-out.

So, I'm interested... How widely used is the HPN patch set? Are there any good indications that it doesn't negatively impact security?

Cheers,

Dirkjan