OpenSSH Packages No Longer Suggest openssh-blacklist

Discussion:

(too old to reply)

Alex Robbins

2014-04-10 21:40:01 UTC

I have been using Debian Testing (Jessie) and tried to upgrade today, and
aptitude tried to remove openssh-blacklist and openssh-blacklist-extra
as they
were no longer used. Upon further inspection, in...

Debian Wheezy:
openssh-client and openssh-server recommend openssh-blacklist and
openssh-blacklist-extra

Debian Jessie Recently (according to the packages on my system before
the upgrade):
openssh-client and openssh-server suggest openssh-blacklist and
openssh-blacklist-extra

Debian Jessie Currently:
Neither openssh-client nor openssh-server depend on openssh-blacklist or
openssh-blacklist-extra in any way

I do not quite know which programs use the blacklist, but what is the
reason for
this change? Shouldn't the client, the server, or both at least suggest
openssh-blacklist? I couldn't find anything about this in the changelogs.

Thanks,
Alex Robbins

--
To UNSUBSCRIBE, email to debian-user-***@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact ***@lists.debian.org
Archive: https://lists.debian.org/***@gmail.com

Sven Joachim

2014-04-10 22:10:02 UTC

Permalink

Post by Alex Robbins
I have been using Debian Testing (Jessie) and tried to upgrade today, and
aptitude tried to remove openssh-blacklist and openssh-blacklist-extra
as they
were no longer used. Upon further inspection, in...
openssh-client and openssh-server recommend openssh-blacklist and
openssh-blacklist-extra
Debian Jessie Recently (according to the packages on my system before
openssh-client and openssh-server suggest openssh-blacklist and
openssh-blacklist-extra
Neither openssh-client nor openssh-server depend on openssh-blacklist or
openssh-blacklist-extra in any way
I do not quite know which programs use the blacklist, but what is the
reason for
this change? Shouldn't the client, the server, or both at least suggest
openssh-blacklist? I couldn't find anything about this in the changelogs.

It's this particular change:

,----
| openssh (1:6.5p1-1) unstable; urgency=medium
| [...]
| * Drop ssh-vulnkey and the associated ssh/ssh-add/sshd integration code,
| leaving only basic configuration file compatibility, since it has been
| nearly six years since the original vulnerability and this code is not
| likely to be of much value any more (closes: #481853, #570651). See
| https://lists.debian.org/debian-devel/2013/09/msg00240.html for my full
| reasoning.
| [...]
| -- Colin Watson <***@debian.org> Mon, 10 Feb 2014 14:58:26 +0000
`----

The removal of ssh-vulnkey means that the blacklist isn't used anymore.

Cheers,
Sven

--
To UNSUBSCRIBE, email to debian-user-***@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact ***@lists.debian.org
Archive: https://lists.debian.org/***@turtle.gmx.de

Alex Robbins

2014-04-11 20:30:01 UTC

Permalink

*From:* Sven Joachim <***@gmx.de>
*Sent:* Thursday, April 10, 2014 5:08PM
*To:* debian-***@lists.debian.org
*Subject:* Re: OpenSSH Packages No Longer Suggest openssh-blacklist

Post by Sven Joachim

,----
| openssh (1:6.5p1-1) unstable; urgency=medium
| [...]
| * Drop ssh-vulnkey and the associated ssh/ssh-add/sshd integration code,
| leaving only basic configuration file compatibility, since it has been
| nearly six years since the original vulnerability and this code is not
| likely to be of much value any more (closes: #481853, #570651). See
| https://lists.debian.org/debian-devel/2013/09/msg00240.html for my full
| reasoning.
| [...]
`----
The removal of ssh-vulnkey means that the blacklist isn't used anymore.
Cheers,
Sven

So I see. Thank you.

--
To UNSUBSCRIBE, email to debian-user-***@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact ***@lists.debian.org
Archive: https://lists.debian.org/***@gmail.com