RedHat forks OpenSSH?

Damien Miller djm at mindrot.org
Tue Nov 9 01:44:04 UTC 2004


Jos Vos wrote:
> On Tue, Nov 09, 2004 at 07:23:44AM +1100, Damien Miller wrote:
> 
> 
>>Nobody disputes Redhat's right to fork OpenSSH, but why does
>>Redhat not make their desired changes through the standard RPM
>>patching mechanism? By distributing their own OpenSSH tarballs
>>instead of patching pristine sources, Redhat breaks the link of
>>transparency, accountability and trust that their own RPM build
>>model is supposed to provide.
> 
> They do the same for "xmms", for example, to eliminate MP3 support
> *and also not ship MP3 source code*, due to possible legal issues.

Then they should also chop RC4 out of OpenSSL, OpenSSH and anything else
that implements it because its legal status is near identical.

-d




More information about the fedora-devel-list mailing list