OpenSSH 5.0 released

Posted Apr 4, 2008 13:15 UTC (Fri) by jhubbard83 (guest, #21750)
In reply to: OpenSSH 5.0 released by madscientist
Parent article: OpenSSH 5.0 released

I don't know the real reason so this is just conjecture.  Maintainers will carry around
patches for a package that others find useful.  Red Hat/Fedora really do want patches to go
into upstream so that they don't have to carry them around.

You've indicated that there are 50+ patches that they have been carrying since 2005.  I don't
know if that is true or not, but that would seem to indicate that it is hard to get patches
accepted in upstream for whatever reason.  The package maintainer has probably accepted that
requests for patches being accepted will fall on deaf ears and has not bothered to attempt to
get the supplier of the patch to send it upstream.  

I couldn't find any links quickly, but I have seen posts in the past about the difficulty of
getting patches into openssh.  At some point people will stop caring and won't attempt it
anymore.  This is not just an issue with OpenSSH but is common to other projects as well.
Con Kolivas's decision to stop providing is a high visibility example.  If someone at openssh
really wanted, they could probably pull the source for the major distributions' packages and see
what they're putting in them.

Don't get me wrong, I'm not trying to cast blame onto anyone, it's just the way life is and
people make mistakes. Fix it and go on.


OpenSSH 5.0 released

Posted Apr 4, 2008 13:16 UTC (Fri) by jhubbard83 (guest, #21750)

Here's the Fedora openssh repo, if anyone is interested.
http://cvs.fedoraproject.org/viewcvs/rpms/openssh/

OpenSSH 5.0 released

Posted Apr 4, 2008 15:07 UTC (Fri) by madscientist (subscriber, #16861)

Actually, I didn't say there were 50+ patches.  What I said was that THIS patch has been
applied to 50+ different Red Hat openssh RPM versions, since it was first discovered in 2005.
I have no idea how many different patches Red Hat is carrying for openssh, although that would
be interesting to look at.

You're right, we don't know whether Red Hat tried to report this upstream, and was rebuffed,
or not.  However, there's no indication (in the bug report etc.) that such an attempt was
made.  I have also heard rumors that it can be difficult to get bugs reported upstream for
openssh, probably because of the odd way it is packaged where the developers maintain only the
OpenBSD port and other people are left to maintain all the other ports: in some cases it might
be tricky to convince the developers that the bug exists in the original OpenBSD version as
well.

Still, as I said, even without the security implications being reported it seems like this is
an obvious bug that they would have been interested to hear about.

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds