Discussion:
[suggest] Re: suggest Digest, Vol 57, Issue 6
Nico Kadel-Garcia
2010-03-11 12:53:34 UTC
Permalink
From: "Yury V. Zaytsev" <yury at shurup.com>
Subject: Re: [suggest] Re: suggest Digest, Vol 57, Issue 5
I don't see your SRPM. But I don't read Russian.
These packages are not mine and I am in no way affiliated with the
person that is providing them. I was just to let the OP know, that such
a thing does exist, although not in RPMForge.
It's cool. The author of the web page made what I consider to be a
mistake: he published the link as a "download from *here*" sort of
link, handily translated by Google, rather than publish the actual URL
for the content at http://centos.alt.ru/pub/openssh/RHEL/.

I'll personally try to pry free a few cycles to look at the SRPM. I'd
tried a backport of the Fedora 12 version, and backed off when another
engineer introduced the use of "Centrify" to get single-sign-on
working for various systems. It's cool commercial stuff: they've done
the sort of integration I'd try to do with more time and more
platforms available, including the PAM changes and a GUI for
integrating the account management with a local Active Directory
server. Nice stuff!
What prevents you from grabbing the SRPM, checking the SPEC and
rebuilding it against the sources that you can fetch from the OpenSSH
website?
Inability to read Russian (now addressed), and a shortage of time. I,
personally, have the expertise and experience to rebuild such objects
without blinking. A lot of people on this list do, I'm sure. I'm far
less confident of the security of the build environment, or of the
reliability of an unknown developer to use the actual SRPM to build
the RPM rather than using his password logging version. In fact. And
grabbing the RPM from such an unknown site for such a core security
tool is.... well, it's like giving someone your housekeys. I'd like to
know them a little better before I trust them *that* much.
Nico Kadel-Garcia
2010-03-11 12:53:34 UTC
Permalink
From: "Yury V. Zaytsev" <yury at shurup.com>
Subject: Re: [suggest] Re: suggest Digest, Vol 57, Issue 5
I don't see your SRPM. But I don't read Russian.
These packages are not mine and I am in no way affiliated with the
person that is providing them. I was just to let the OP know, that such
a thing does exist, although not in RPMForge.
It's cool. The author of the web page made what I consider to be a
mistake: he published the link as a "download from *here*" sort of
link, handily translated by Google, rather than publish the actual URL
for the content at http://centos.alt.ru/pub/openssh/RHEL/.

I'll personally try to pry free a few cycles to look at the SRPM. I'd
tried a backport of the Fedora 12 version, and backed off when another
engineer introduced the use of "Centrify" to get single-sign-on
working for various systems. It's cool commercial stuff: they've done
the sort of integration I'd try to do with more time and more
platforms available, including the PAM changes and a GUI for
integrating the account management with a local Active Directory
server. Nice stuff!
What prevents you from grabbing the SRPM, checking the SPEC and
rebuilding it against the sources that you can fetch from the OpenSSH
website?
Inability to read Russian (now addressed), and a shortage of time. I,
personally, have the expertise and experience to rebuild such objects
without blinking. A lot of people on this list do, I'm sure. I'm far
less confident of the security of the build environment, or of the
reliability of an unknown developer to use the actual SRPM to build
the RPM rather than using his password logging version. In fact. And
grabbing the RPM from such an unknown site for such a core security
tool is.... well, it's like giving someone your housekeys. I'd like to
know them a little better before I trust them *that* much.
Nico Kadel-Garcia
2010-03-11 12:53:34 UTC
Permalink
From: "Yury V. Zaytsev" <yury at shurup.com>
Subject: Re: [suggest] Re: suggest Digest, Vol 57, Issue 5
I don't see your SRPM. But I don't read Russian.
These packages are not mine and I am in no way affiliated with the
person that is providing them. I was just to let the OP know, that such
a thing does exist, although not in RPMForge.
It's cool. The author of the web page made what I consider to be a
mistake: he published the link as a "download from *here*" sort of
link, handily translated by Google, rather than publish the actual URL
for the content at http://centos.alt.ru/pub/openssh/RHEL/.

I'll personally try to pry free a few cycles to look at the SRPM. I'd
tried a backport of the Fedora 12 version, and backed off when another
engineer introduced the use of "Centrify" to get single-sign-on
working for various systems. It's cool commercial stuff: they've done
the sort of integration I'd try to do with more time and more
platforms available, including the PAM changes and a GUI for
integrating the account management with a local Active Directory
server. Nice stuff!
What prevents you from grabbing the SRPM, checking the SPEC and
rebuilding it against the sources that you can fetch from the OpenSSH
website?
Inability to read Russian (now addressed), and a shortage of time. I,
personally, have the expertise and experience to rebuild such objects
without blinking. A lot of people on this list do, I'm sure. I'm far
less confident of the security of the build environment, or of the
reliability of an unknown developer to use the actual SRPM to build
the RPM rather than using his password logging version. In fact. And
grabbing the RPM from such an unknown site for such a core security
tool is.... well, it's like giving someone your housekeys. I'd like to
know them a little better before I trust them *that* much.
Nico Kadel-Garcia
2010-03-11 12:53:34 UTC
Permalink
From: "Yury V. Zaytsev" <yury at shurup.com>
Subject: Re: [suggest] Re: suggest Digest, Vol 57, Issue 5
I don't see your SRPM. But I don't read Russian.
These packages are not mine and I am in no way affiliated with the
person that is providing them. I was just to let the OP know, that such
a thing does exist, although not in RPMForge.
It's cool. The author of the web page made what I consider to be a
mistake: he published the link as a "download from *here*" sort of
link, handily translated by Google, rather than publish the actual URL
for the content at http://centos.alt.ru/pub/openssh/RHEL/.

I'll personally try to pry free a few cycles to look at the SRPM. I'd
tried a backport of the Fedora 12 version, and backed off when another
engineer introduced the use of "Centrify" to get single-sign-on
working for various systems. It's cool commercial stuff: they've done
the sort of integration I'd try to do with more time and more
platforms available, including the PAM changes and a GUI for
integrating the account management with a local Active Directory
server. Nice stuff!
What prevents you from grabbing the SRPM, checking the SPEC and
rebuilding it against the sources that you can fetch from the OpenSSH
website?
Inability to read Russian (now addressed), and a shortage of time. I,
personally, have the expertise and experience to rebuild such objects
without blinking. A lot of people on this list do, I'm sure. I'm far
less confident of the security of the build environment, or of the
reliability of an unknown developer to use the actual SRPM to build
the RPM rather than using his password logging version. In fact. And
grabbing the RPM from such an unknown site for such a core security
tool is.... well, it's like giving someone your housekeys. I'd like to
know them a little better before I trust them *that* much.
Nico Kadel-Garcia
2010-03-11 12:53:34 UTC
Permalink
From: "Yury V. Zaytsev" <yury at shurup.com>
Subject: Re: [suggest] Re: suggest Digest, Vol 57, Issue 5
I don't see your SRPM. But I don't read Russian.
These packages are not mine and I am in no way affiliated with the
person that is providing them. I was just to let the OP know, that such
a thing does exist, although not in RPMForge.
It's cool. The author of the web page made what I consider to be a
mistake: he published the link as a "download from *here*" sort of
link, handily translated by Google, rather than publish the actual URL
for the content at http://centos.alt.ru/pub/openssh/RHEL/.

I'll personally try to pry free a few cycles to look at the SRPM. I'd
tried a backport of the Fedora 12 version, and backed off when another
engineer introduced the use of "Centrify" to get single-sign-on
working for various systems. It's cool commercial stuff: they've done
the sort of integration I'd try to do with more time and more
platforms available, including the PAM changes and a GUI for
integrating the account management with a local Active Directory
server. Nice stuff!
What prevents you from grabbing the SRPM, checking the SPEC and
rebuilding it against the sources that you can fetch from the OpenSSH
website?
Inability to read Russian (now addressed), and a shortage of time. I,
personally, have the expertise and experience to rebuild such objects
without blinking. A lot of people on this list do, I'm sure. I'm far
less confident of the security of the build environment, or of the
reliability of an unknown developer to use the actual SRPM to build
the RPM rather than using his password logging version. In fact. And
grabbing the RPM from such an unknown site for such a core security
tool is.... well, it's like giving someone your housekeys. I'd like to
know them a little better before I trust them *that* much.

Continue reading on narkive:
Loading...