Discussion:
[suggest] Re: suggest Digest, Vol 57, Issue 5
Nico Kadel-Garcia
2010-03-10 12:44:19 UTC
Permalink
From: "Yury V. Zaytsev" <yury at shurup.com>
Subject: Re: [suggest] OpenSSH 4.8p1 or above.
To: Victor <dawormie at gmail.com>
FYI,
OpenSSH 5.4p1 for CentOS 5 RPMs
http://centos.alt.ru/?p=373
Apologies for the page being in Russian.
I don't see your SRPM. But I don't read Russian.

Installing such a core security tool as a binary from an unknown
developer or vendor is probably a bad idea. There are enough changes
between 4.8 and 5.x, particularly in the support of Kerberos
authrntication, that I'd be quite cautious of an encryption software
RPM that grants login privileges, from an unknown source. Not that I'm
saying you did anything wrong or illicit, but there have been times
when even commercial providers, like RedHat, had their build machines
corrupted and potentially cracked binaries published and signed with
their GPG keys.

Do you have the SRPM where we could review it? Or did you use the
built-in .spec file?
Yury V. Zaytsev
2010-03-10 13:08:35 UTC
Permalink
Post by Nico Kadel-Garcia
I don't see your SRPM. But I don't read Russian.
These packages are not mine and I am in no way affiliated with the
person that is providing them. I was just to let the OP know, that such
a thing does exist, although not in RPMForge.

In what concerns Russian, you can use Google Translate. The direct link
to the packages is here: http://centos.alt.ru/pub/openssh/ .
Post by Nico Kadel-Garcia
Installing such a core security tool as a binary from an unknown
developer or vendor is probably a bad idea. There are enough changes
between 4.8 and 5.x, particularly in the support of Kerberos
authrntication, that I'd be quite cautious of an encryption software
RPM that grants login privileges, from an unknown source. Not that I'm
saying you did anything wrong or illicit, but there have been times
when even commercial providers, like RedHat, had their build machines
corrupted and potentially cracked binaries published and signed with
their GPG keys.
What prevents you from grabbing the SRPM, checking the SPEC and
rebuilding it against the sources that you can fetch from the OpenSSH
website?
--
Sincerely yours,
Yury V. Zaytsev
Victor
2010-03-10 15:05:21 UTC
Permalink
Just to be aware, based on my reviews and popular comments I personally
wouldn't install anything outside of CentOS repo's, EPEL or RPMForge.
Even then with EPEL and RPMForge it's mostly for a couple of things not in
CentOS.

I'd rather stick with officially released and trusted sites that I know of.
I think you for the pointer though Yury, I hope someone else finds use of it
:)

--Victor
Post by Yury V. Zaytsev
Post by Nico Kadel-Garcia
I don't see your SRPM. But I don't read Russian.
These packages are not mine and I am in no way affiliated with the
person that is providing them. I was just to let the OP know, that such
a thing does exist, although not in RPMForge.
In what concerns Russian, you can use Google Translate. The direct link
to the packages is here: http://centos.alt.ru/pub/openssh/ .
Post by Nico Kadel-Garcia
Installing such a core security tool as a binary from an unknown
developer or vendor is probably a bad idea. There are enough changes
between 4.8 and 5.x, particularly in the support of Kerberos
authrntication, that I'd be quite cautious of an encryption software
RPM that grants login privileges, from an unknown source. Not that I'm
saying you did anything wrong or illicit, but there have been times
when even commercial providers, like RedHat, had their build machines
corrupted and potentially cracked binaries published and signed with
their GPG keys.
What prevents you from grabbing the SRPM, checking the SPEC and
rebuilding it against the sources that you can fetch from the OpenSSH
website?
--
Sincerely yours,
Yury V. Zaytsev
_______________________________________________
suggest mailing list
suggest at lists.rpmforge.net
http://lists.rpmforge.net/mailman/listinfo/suggest
--
Victor ('Daworm')
* Melbourne Wireless Node: KDJ & KDT
* Natural Selection 2 Wiki Sysop (http://www.unknownworlds.com/ns2/wiki/)
* AoCWiki Sysop (http://aoc.wikia.com/)
* Twitter: @dawormie
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.repoforge.org/pipermail/users/attachments/20100311/ebc1e716/attachment.html
Dan Pritts
2010-03-10 15:56:41 UTC
Permalink
Post by Yury V. Zaytsev
In what concerns Russian, you can use Google Translate. The direct link
In my experience machine translation is nearly useless so I haven't
bothered trying it in years.

The New York Times just published an article on Google Translate.
The test results are amazing:

http://www.nytimes.com/2010/03/09/technology/09translate.html
http://www.nytimes.com/interactive/2010/03/09/technology/20100309-translate.html

Hmm, I wonder if they have taken the output of their book scanning
project and used it to teach their translation system.

danno
--
Dan Pritts, Sr. Systems Engineer
Internet2
office: +1-734-352-4953 | mobile: +1-734-834-7224

Internet2 Spring Member Meeting
April 26-28, 2010 - Arlington, Virginia
http://events.internet2.edu/2010/spring-mm/
Yury V. Zaytsev
2010-03-10 21:52:13 UTC
Permalink
Post by Dan Pritts
Post by Yury V. Zaytsev
In what concerns Russian, you can use Google Translate. The direct link
In my experience machine translation is nearly useless so I haven't
bothered trying it in years.
I just tried it for the page in question and the result is more than
satisfying. I've been using it for quite a long time for Thai, Chinese,
Hindi and some European languages that I do not speak fluently and from
my own experience you can always figure out the original meaning without
too much effort.
Post by Dan Pritts
I'd rather stick with officially released and trusted sites that I
know of. I think you for the pointer though Yury, I hope someone else
finds use of it :)
I could have very well committed this to RPMForge adding proper
Conflicts: etc. If you want to keep your RHEL installations healthy and
secure what you should be looking at is not the origin of the package,
but to asses its quality and cherry pick it into your local repository
if it satisfies your criteria.
--
Sincerely yours,
Yury V. Zaytsev
Yury V. Zaytsev
2010-03-10 21:52:13 UTC
Permalink
Post by Dan Pritts
Post by Yury V. Zaytsev
In what concerns Russian, you can use Google Translate. The direct link
In my experience machine translation is nearly useless so I haven't
bothered trying it in years.
I just tried it for the page in question and the result is more than
satisfying. I've been using it for quite a long time for Thai, Chinese,
Hindi and some European languages that I do not speak fluently and from
my own experience you can always figure out the original meaning without
too much effort.
Post by Dan Pritts
I'd rather stick with officially released and trusted sites that I
know of. I think you for the pointer though Yury, I hope someone else
finds use of it :)
I could have very well committed this to RPMForge adding proper
Conflicts: etc. If you want to keep your RHEL installations healthy and
secure what you should be looking at is not the origin of the package,
but to asses its quality and cherry pick it into your local repository
if it satisfies your criteria.
--
Sincerely yours,
Yury V. Zaytsev
Yury V. Zaytsev
2010-03-10 21:52:13 UTC
Permalink
Post by Dan Pritts
Post by Yury V. Zaytsev
In what concerns Russian, you can use Google Translate. The direct link
In my experience machine translation is nearly useless so I haven't
bothered trying it in years.
I just tried it for the page in question and the result is more than
satisfying. I've been using it for quite a long time for Thai, Chinese,
Hindi and some European languages that I do not speak fluently and from
my own experience you can always figure out the original meaning without
too much effort.
Post by Dan Pritts
I'd rather stick with officially released and trusted sites that I
know of. I think you for the pointer though Yury, I hope someone else
finds use of it :)
I could have very well committed this to RPMForge adding proper
Conflicts: etc. If you want to keep your RHEL installations healthy and
secure what you should be looking at is not the origin of the package,
but to asses its quality and cherry pick it into your local repository
if it satisfies your criteria.
--
Sincerely yours,
Yury V. Zaytsev
Yury V. Zaytsev
2010-03-10 21:52:13 UTC
Permalink
Post by Dan Pritts
Post by Yury V. Zaytsev
In what concerns Russian, you can use Google Translate. The direct link
In my experience machine translation is nearly useless so I haven't
bothered trying it in years.
I just tried it for the page in question and the result is more than
satisfying. I've been using it for quite a long time for Thai, Chinese,
Hindi and some European languages that I do not speak fluently and from
my own experience you can always figure out the original meaning without
too much effort.
Post by Dan Pritts
I'd rather stick with officially released and trusted sites that I
know of. I think you for the pointer though Yury, I hope someone else
finds use of it :)
I could have very well committed this to RPMForge adding proper
Conflicts: etc. If you want to keep your RHEL installations healthy and
secure what you should be looking at is not the origin of the package,
but to asses its quality and cherry pick it into your local repository
if it satisfies your criteria.
--
Sincerely yours,
Yury V. Zaytsev
Yury V. Zaytsev
2010-03-10 21:52:13 UTC
Permalink
Post by Dan Pritts
Post by Yury V. Zaytsev
In what concerns Russian, you can use Google Translate. The direct link
In my experience machine translation is nearly useless so I haven't
bothered trying it in years.
I just tried it for the page in question and the result is more than
satisfying. I've been using it for quite a long time for Thai, Chinese,
Hindi and some European languages that I do not speak fluently and from
my own experience you can always figure out the original meaning without
too much effort.
Post by Dan Pritts
I'd rather stick with officially released and trusted sites that I
know of. I think you for the pointer though Yury, I hope someone else
finds use of it :)
I could have very well committed this to RPMForge adding proper
Conflicts: etc. If you want to keep your RHEL installations healthy and
secure what you should be looking at is not the origin of the package,
but to asses its quality and cherry pick it into your local repository
if it satisfies your criteria.
--
Sincerely yours,
Yury V. Zaytsev
Victor
2010-03-10 15:05:21 UTC
Permalink
Just to be aware, based on my reviews and popular comments I personally
wouldn't install anything outside of CentOS repo's, EPEL or RPMForge.
Even then with EPEL and RPMForge it's mostly for a couple of things not in
CentOS.

I'd rather stick with officially released and trusted sites that I know of.
I think you for the pointer though Yury, I hope someone else finds use of it
:)

--Victor
Post by Yury V. Zaytsev
Post by Nico Kadel-Garcia
I don't see your SRPM. But I don't read Russian.
These packages are not mine and I am in no way affiliated with the
person that is providing them. I was just to let the OP know, that such
a thing does exist, although not in RPMForge.
In what concerns Russian, you can use Google Translate. The direct link
to the packages is here: http://centos.alt.ru/pub/openssh/ .
Post by Nico Kadel-Garcia
Installing such a core security tool as a binary from an unknown
developer or vendor is probably a bad idea. There are enough changes
between 4.8 and 5.x, particularly in the support of Kerberos
authrntication, that I'd be quite cautious of an encryption software
RPM that grants login privileges, from an unknown source. Not that I'm
saying you did anything wrong or illicit, but there have been times
when even commercial providers, like RedHat, had their build machines
corrupted and potentially cracked binaries published and signed with
their GPG keys.
What prevents you from grabbing the SRPM, checking the SPEC and
rebuilding it against the sources that you can fetch from the OpenSSH
website?
--
Sincerely yours,
Yury V. Zaytsev
_______________________________________________
suggest mailing list
suggest at lists.rpmforge.net
http://lists.rpmforge.net/mailman/listinfo/suggest
--
Victor ('Daworm')
* Melbourne Wireless Node: KDJ & KDT
* Natural Selection 2 Wiki Sysop (http://www.unknownworlds.com/ns2/wiki/)
* AoCWiki Sysop (http://aoc.wikia.com/)
* Twitter: @dawormie
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.repoforge.org/pipermail/users/attachments/20100311/ebc1e716/attachment-0001.html
Dan Pritts
2010-03-10 15:56:41 UTC
Permalink
Post by Yury V. Zaytsev
In what concerns Russian, you can use Google Translate. The direct link
In my experience machine translation is nearly useless so I haven't
bothered trying it in years.

The New York Times just published an article on Google Translate.
The test results are amazing:

http://www.nytimes.com/2010/03/09/technology/09translate.html
http://www.nytimes.com/interactive/2010/03/09/technology/20100309-translate.html

Hmm, I wonder if they have taken the output of their book scanning
project and used it to teach their translation system.

danno
--
Dan Pritts, Sr. Systems Engineer
Internet2
office: +1-734-352-4953 | mobile: +1-734-834-7224

Internet2 Spring Member Meeting
April 26-28, 2010 - Arlington, Virginia
http://events.internet2.edu/2010/spring-mm/
Victor
2010-03-10 15:05:21 UTC
Permalink
Just to be aware, based on my reviews and popular comments I personally
wouldn't install anything outside of CentOS repo's, EPEL or RPMForge.
Even then with EPEL and RPMForge it's mostly for a couple of things not in
CentOS.

I'd rather stick with officially released and trusted sites that I know of.
I think you for the pointer though Yury, I hope someone else finds use of it
:)

--Victor
Post by Yury V. Zaytsev
Post by Nico Kadel-Garcia
I don't see your SRPM. But I don't read Russian.
These packages are not mine and I am in no way affiliated with the
person that is providing them. I was just to let the OP know, that such
a thing does exist, although not in RPMForge.
In what concerns Russian, you can use Google Translate. The direct link
to the packages is here: http://centos.alt.ru/pub/openssh/ .
Post by Nico Kadel-Garcia
Installing such a core security tool as a binary from an unknown
developer or vendor is probably a bad idea. There are enough changes
between 4.8 and 5.x, particularly in the support of Kerberos
authrntication, that I'd be quite cautious of an encryption software
RPM that grants login privileges, from an unknown source. Not that I'm
saying you did anything wrong or illicit, but there have been times
when even commercial providers, like RedHat, had their build machines
corrupted and potentially cracked binaries published and signed with
their GPG keys.
What prevents you from grabbing the SRPM, checking the SPEC and
rebuilding it against the sources that you can fetch from the OpenSSH
website?
--
Sincerely yours,
Yury V. Zaytsev
_______________________________________________
suggest mailing list
suggest at lists.rpmforge.net
http://lists.rpmforge.net/mailman/listinfo/suggest
--
Victor ('Daworm')
* Melbourne Wireless Node: KDJ & KDT
* Natural Selection 2 Wiki Sysop (http://www.unknownworlds.com/ns2/wiki/)
* AoCWiki Sysop (http://aoc.wikia.com/)
* Twitter: @dawormie
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.repoforge.org/pipermail/users/attachments/20100311/ebc1e716/attachment-0002.html
Dan Pritts
2010-03-10 15:56:41 UTC
Permalink
Post by Yury V. Zaytsev
In what concerns Russian, you can use Google Translate. The direct link
In my experience machine translation is nearly useless so I haven't
bothered trying it in years.

The New York Times just published an article on Google Translate.
The test results are amazing:

http://www.nytimes.com/2010/03/09/technology/09translate.html
http://www.nytimes.com/interactive/2010/03/09/technology/20100309-translate.html

Hmm, I wonder if they have taken the output of their book scanning
project and used it to teach their translation system.

danno
--
Dan Pritts, Sr. Systems Engineer
Internet2
office: +1-734-352-4953 | mobile: +1-734-834-7224

Internet2 Spring Member Meeting
April 26-28, 2010 - Arlington, Virginia
http://events.internet2.edu/2010/spring-mm/
Victor
2010-03-10 15:05:21 UTC
Permalink
Just to be aware, based on my reviews and popular comments I personally
wouldn't install anything outside of CentOS repo's, EPEL or RPMForge.
Even then with EPEL and RPMForge it's mostly for a couple of things not in
CentOS.

I'd rather stick with officially released and trusted sites that I know of.
I think you for the pointer though Yury, I hope someone else finds use of it
:)

--Victor
Post by Yury V. Zaytsev
Post by Nico Kadel-Garcia
I don't see your SRPM. But I don't read Russian.
These packages are not mine and I am in no way affiliated with the
person that is providing them. I was just to let the OP know, that such
a thing does exist, although not in RPMForge.
In what concerns Russian, you can use Google Translate. The direct link
to the packages is here: http://centos.alt.ru/pub/openssh/ .
Post by Nico Kadel-Garcia
Installing such a core security tool as a binary from an unknown
developer or vendor is probably a bad idea. There are enough changes
between 4.8 and 5.x, particularly in the support of Kerberos
authrntication, that I'd be quite cautious of an encryption software
RPM that grants login privileges, from an unknown source. Not that I'm
saying you did anything wrong or illicit, but there have been times
when even commercial providers, like RedHat, had their build machines
corrupted and potentially cracked binaries published and signed with
their GPG keys.
What prevents you from grabbing the SRPM, checking the SPEC and
rebuilding it against the sources that you can fetch from the OpenSSH
website?
--
Sincerely yours,
Yury V. Zaytsev
_______________________________________________
suggest mailing list
suggest at lists.rpmforge.net
http://lists.rpmforge.net/mailman/listinfo/suggest
--
Victor ('Daworm')
* Melbourne Wireless Node: KDJ & KDT
* Natural Selection 2 Wiki Sysop (http://www.unknownworlds.com/ns2/wiki/)
* AoCWiki Sysop (http://aoc.wikia.com/)
* Twitter: @dawormie
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.repoforge.org/pipermail/users/attachments/20100311/ebc1e716/attachment-0003.html
Dan Pritts
2010-03-10 15:56:41 UTC
Permalink
Post by Yury V. Zaytsev
In what concerns Russian, you can use Google Translate. The direct link
In my experience machine translation is nearly useless so I haven't
bothered trying it in years.

The New York Times just published an article on Google Translate.
The test results are amazing:

http://www.nytimes.com/2010/03/09/technology/09translate.html
http://www.nytimes.com/interactive/2010/03/09/technology/20100309-translate.html

Hmm, I wonder if they have taken the output of their book scanning
project and used it to teach their translation system.

danno
--
Dan Pritts, Sr. Systems Engineer
Internet2
office: +1-734-352-4953 | mobile: +1-734-834-7224

Internet2 Spring Member Meeting
April 26-28, 2010 - Arlington, Virginia
http://events.internet2.edu/2010/spring-mm/
Victor
2010-03-10 15:05:21 UTC
Permalink
Just to be aware, based on my reviews and popular comments I personally
wouldn't install anything outside of CentOS repo's, EPEL or RPMForge.
Even then with EPEL and RPMForge it's mostly for a couple of things not in
CentOS.

I'd rather stick with officially released and trusted sites that I know of.
I think you for the pointer though Yury, I hope someone else finds use of it
:)

--Victor
Post by Yury V. Zaytsev
Post by Nico Kadel-Garcia
I don't see your SRPM. But I don't read Russian.
These packages are not mine and I am in no way affiliated with the
person that is providing them. I was just to let the OP know, that such
a thing does exist, although not in RPMForge.
In what concerns Russian, you can use Google Translate. The direct link
to the packages is here: http://centos.alt.ru/pub/openssh/ .
Post by Nico Kadel-Garcia
Installing such a core security tool as a binary from an unknown
developer or vendor is probably a bad idea. There are enough changes
between 4.8 and 5.x, particularly in the support of Kerberos
authrntication, that I'd be quite cautious of an encryption software
RPM that grants login privileges, from an unknown source. Not that I'm
saying you did anything wrong or illicit, but there have been times
when even commercial providers, like RedHat, had their build machines
corrupted and potentially cracked binaries published and signed with
their GPG keys.
What prevents you from grabbing the SRPM, checking the SPEC and
rebuilding it against the sources that you can fetch from the OpenSSH
website?
--
Sincerely yours,
Yury V. Zaytsev
_______________________________________________
suggest mailing list
suggest at lists.rpmforge.net
http://lists.rpmforge.net/mailman/listinfo/suggest
--
Victor ('Daworm')
* Melbourne Wireless Node: KDJ & KDT
* Natural Selection 2 Wiki Sysop (http://www.unknownworlds.com/ns2/wiki/)
* AoCWiki Sysop (http://aoc.wikia.com/)
* Twitter: @dawormie
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.repoforge.org/pipermail/users/attachments/20100311/ebc1e716/attachment-0004.html>
Dan Pritts
2010-03-10 15:56:41 UTC
Permalink
Post by Yury V. Zaytsev
In what concerns Russian, you can use Google Translate. The direct link
In my experience machine translation is nearly useless so I haven't
bothered trying it in years.

The New York Times just published an article on Google Translate.
The test results are amazing:

http://www.nytimes.com/2010/03/09/technology/09translate.html
http://www.nytimes.com/interactive/2010/03/09/technology/20100309-translate.html

Hmm, I wonder if they have taken the output of their book scanning
project and used it to teach their translation system.

danno
--
Dan Pritts, Sr. Systems Engineer
Internet2
office: +1-734-352-4953 | mobile: +1-734-834-7224

Internet2 Spring Member Meeting
April 26-28, 2010 - Arlington, Virginia
http://events.internet2.edu/2010/spring-mm/
Nico Kadel-Garcia
2010-03-10 12:44:19 UTC
Permalink
From: "Yury V. Zaytsev" <yury at shurup.com>
Subject: Re: [suggest] OpenSSH 4.8p1 or above.
To: Victor <dawormie at gmail.com>
FYI,
OpenSSH 5.4p1 for CentOS 5 RPMs
http://centos.alt.ru/?p=373
Apologies for the page being in Russian.
I don't see your SRPM. But I don't read Russian.

Installing such a core security tool as a binary from an unknown
developer or vendor is probably a bad idea. There are enough changes
between 4.8 and 5.x, particularly in the support of Kerberos
authrntication, that I'd be quite cautious of an encryption software
RPM that grants login privileges, from an unknown source. Not that I'm
saying you did anything wrong or illicit, but there have been times
when even commercial providers, like RedHat, had their build machines
corrupted and potentially cracked binaries published and signed with
their GPG keys.

Do you have the SRPM where we could review it? Or did you use the
built-in .spec file?
Yury V. Zaytsev
2010-03-10 13:08:35 UTC
Permalink
Post by Nico Kadel-Garcia
I don't see your SRPM. But I don't read Russian.
These packages are not mine and I am in no way affiliated with the
person that is providing them. I was just to let the OP know, that such
a thing does exist, although not in RPMForge.

In what concerns Russian, you can use Google Translate. The direct link
to the packages is here: http://centos.alt.ru/pub/openssh/ .
Post by Nico Kadel-Garcia
Installing such a core security tool as a binary from an unknown
developer or vendor is probably a bad idea. There are enough changes
between 4.8 and 5.x, particularly in the support of Kerberos
authrntication, that I'd be quite cautious of an encryption software
RPM that grants login privileges, from an unknown source. Not that I'm
saying you did anything wrong or illicit, but there have been times
when even commercial providers, like RedHat, had their build machines
corrupted and potentially cracked binaries published and signed with
their GPG keys.
What prevents you from grabbing the SRPM, checking the SPEC and
rebuilding it against the sources that you can fetch from the OpenSSH
website?
--
Sincerely yours,
Yury V. Zaytsev
Nico Kadel-Garcia
2010-03-10 12:44:19 UTC
Permalink
From: "Yury V. Zaytsev" <yury at shurup.com>
Subject: Re: [suggest] OpenSSH 4.8p1 or above.
To: Victor <dawormie at gmail.com>
FYI,
OpenSSH 5.4p1 for CentOS 5 RPMs
http://centos.alt.ru/?p=373
Apologies for the page being in Russian.
I don't see your SRPM. But I don't read Russian.

Installing such a core security tool as a binary from an unknown
developer or vendor is probably a bad idea. There are enough changes
between 4.8 and 5.x, particularly in the support of Kerberos
authrntication, that I'd be quite cautious of an encryption software
RPM that grants login privileges, from an unknown source. Not that I'm
saying you did anything wrong or illicit, but there have been times
when even commercial providers, like RedHat, had their build machines
corrupted and potentially cracked binaries published and signed with
their GPG keys.

Do you have the SRPM where we could review it? Or did you use the
built-in .spec file?
Yury V. Zaytsev
2010-03-10 13:08:35 UTC
Permalink
Post by Nico Kadel-Garcia
I don't see your SRPM. But I don't read Russian.
These packages are not mine and I am in no way affiliated with the
person that is providing them. I was just to let the OP know, that such
a thing does exist, although not in RPMForge.

In what concerns Russian, you can use Google Translate. The direct link
to the packages is here: http://centos.alt.ru/pub/openssh/ .
Post by Nico Kadel-Garcia
Installing such a core security tool as a binary from an unknown
developer or vendor is probably a bad idea. There are enough changes
between 4.8 and 5.x, particularly in the support of Kerberos
authrntication, that I'd be quite cautious of an encryption software
RPM that grants login privileges, from an unknown source. Not that I'm
saying you did anything wrong or illicit, but there have been times
when even commercial providers, like RedHat, had their build machines
corrupted and potentially cracked binaries published and signed with
their GPG keys.
What prevents you from grabbing the SRPM, checking the SPEC and
rebuilding it against the sources that you can fetch from the OpenSSH
website?
--
Sincerely yours,
Yury V. Zaytsev
Nico Kadel-Garcia
2010-03-10 12:44:19 UTC
Permalink
From: "Yury V. Zaytsev" <yury at shurup.com>
Subject: Re: [suggest] OpenSSH 4.8p1 or above.
To: Victor <dawormie at gmail.com>
FYI,
OpenSSH 5.4p1 for CentOS 5 RPMs
http://centos.alt.ru/?p=373
Apologies for the page being in Russian.
I don't see your SRPM. But I don't read Russian.

Installing such a core security tool as a binary from an unknown
developer or vendor is probably a bad idea. There are enough changes
between 4.8 and 5.x, particularly in the support of Kerberos
authrntication, that I'd be quite cautious of an encryption software
RPM that grants login privileges, from an unknown source. Not that I'm
saying you did anything wrong or illicit, but there have been times
when even commercial providers, like RedHat, had their build machines
corrupted and potentially cracked binaries published and signed with
their GPG keys.

Do you have the SRPM where we could review it? Or did you use the
built-in .spec file?
Yury V. Zaytsev
2010-03-10 13:08:35 UTC
Permalink
Post by Nico Kadel-Garcia
I don't see your SRPM. But I don't read Russian.
These packages are not mine and I am in no way affiliated with the
person that is providing them. I was just to let the OP know, that such
a thing does exist, although not in RPMForge.

In what concerns Russian, you can use Google Translate. The direct link
to the packages is here: http://centos.alt.ru/pub/openssh/ .
Post by Nico Kadel-Garcia
Installing such a core security tool as a binary from an unknown
developer or vendor is probably a bad idea. There are enough changes
between 4.8 and 5.x, particularly in the support of Kerberos
authrntication, that I'd be quite cautious of an encryption software
RPM that grants login privileges, from an unknown source. Not that I'm
saying you did anything wrong or illicit, but there have been times
when even commercial providers, like RedHat, had their build machines
corrupted and potentially cracked binaries published and signed with
their GPG keys.
What prevents you from grabbing the SRPM, checking the SPEC and
rebuilding it against the sources that you can fetch from the OpenSSH
website?
--
Sincerely yours,
Yury V. Zaytsev
Nico Kadel-Garcia
2010-03-10 12:44:19 UTC
Permalink
From: "Yury V. Zaytsev" <yury at shurup.com>
Subject: Re: [suggest] OpenSSH 4.8p1 or above.
To: Victor <dawormie at gmail.com>
FYI,
OpenSSH 5.4p1 for CentOS 5 RPMs
http://centos.alt.ru/?p=373
Apologies for the page being in Russian.
I don't see your SRPM. But I don't read Russian.

Installing such a core security tool as a binary from an unknown
developer or vendor is probably a bad idea. There are enough changes
between 4.8 and 5.x, particularly in the support of Kerberos
authrntication, that I'd be quite cautious of an encryption software
RPM that grants login privileges, from an unknown source. Not that I'm
saying you did anything wrong or illicit, but there have been times
when even commercial providers, like RedHat, had their build machines
corrupted and potentially cracked binaries published and signed with
their GPG keys.

Do you have the SRPM where we could review it? Or did you use the
built-in .spec file?
Yury V. Zaytsev
2010-03-10 13:08:35 UTC
Permalink
Post by Nico Kadel-Garcia
I don't see your SRPM. But I don't read Russian.
These packages are not mine and I am in no way affiliated with the
person that is providing them. I was just to let the OP know, that such
a thing does exist, although not in RPMForge.

In what concerns Russian, you can use Google Translate. The direct link
to the packages is here: http://centos.alt.ru/pub/openssh/ .
Post by Nico Kadel-Garcia
Installing such a core security tool as a binary from an unknown
developer or vendor is probably a bad idea. There are enough changes
between 4.8 and 5.x, particularly in the support of Kerberos
authrntication, that I'd be quite cautious of an encryption software
RPM that grants login privileges, from an unknown source. Not that I'm
saying you did anything wrong or illicit, but there have been times
when even commercial providers, like RedHat, had their build machines
corrupted and potentially cracked binaries published and signed with
their GPG keys.
What prevents you from grabbing the SRPM, checking the SPEC and
rebuilding it against the sources that you can fetch from the OpenSSH
website?
--
Sincerely yours,
Yury V. Zaytsev
Loading...