On Mar 19, 2007, at 4:26 PM, William Ahern wrote:
On Tue, Mar 20, 2007 at 09:25:49AM +1100, Darren Tucker wrote:
This has been the default for years, I don't know why you're only
seeing
problems now (unless Apple used to change the default in their
packages
and now don't?)
The original poster is running Mac OS X 10.3.9. 10.3 is 3 years old.
For one thing, Apple hasn't updated their version of OpenSSH for
years.
Which patches they backport is anyone's guess. They certainly haven't
backported control socket mastering.
Apple doesn't backport much of anything in the open source projects,
they just update the the latest release. At the same time, Apple
doesn't update *any* software in Mac OS X unless there are security
flaws or other bug fixes. Mac OS X is a commercial operating system
that cannot afford the release-early-and-fix-often mentality. It has
to work (well enough) the first time, and not break later. (Yes, I
know that this doesn't always happen. Its /supposed/ to work this way.)
Likewise for OpenSSL. Basically, Apple ceased all Unix environment
development the moment OS X shipped. Soon porting Unix apps to OS X
will be
as fun as to Microsoft's POSIX interface.
That's just not true. With each major release of Mac OS X, Apple
syncs with the FreeBSD userland. Almost all commands that were
shipping with FreeBSD 5.0 are the versions in Tiger. In some cases,
Tiger versions have been updated due to security fixes or just bug
fixes, as I mentioned above. That's not all that old.
Specifically for OpenSSH. Apple updated to OpenSSH 3.8 (from 3.6) in
a security update sometime after 10.4.6 (it might simply have been in
10.4.7, I don't remember). The latest security update came up to
OpenSSH 4.5.
The moral of the story: If you want Apple to update a working open
source package in between major releases, then find and report [to
Apple] a security flaw that is fixed in the version of the package
that you want Apple to update to. ;-)
JP
--
"Human beings, who are almost unique in having the ability to learn
from the experience of others, are also remarkable for their apparent
disinclination to do so." -- Douglas Adams
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
http://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
|