Talk:OpenSSH/Archive 1

This page is an archive of past discussions. Do not edit the contents of this page. If you wish to start a new discussion or revive an old one, please do so on the current talk page.

I'm all for Open Source, and making sure the code is non-proprietary, but articles should be non-biased.

Please see ftp://ftp.funet.fi/pub/mirrors/ftp.ssh.com/pub/ssh/ for the latest release, _with source code_.

Much better, now the bias is removed. :) Finally.

The History section mentions the 4.5 release which was since replace by 4.6. Shouldn't the 4.6 release then be mentioned instead? -- Ernstdehaan 08:25, 9 May 2007 (UTC)

"After several meetings, Ylonen's request for a renaming of the protocol was denied, citing concerns that it would set a bad precedent for other trademark claims against the IETF. "

When was that meeting?—The preceding unsigned comment was added by 64.114.83.92 (talk • contribs) 2006-10-11T05:50:30.

The meeting was held on March 19th, 2001 in Minneapolis. The Meeting Notes contain a pretty basic overview of what happened in the working group meeting. niels 00:19, 16 October 2006 (UTC)

Thanks Niels, I'll try squeezing that link in the article. Janizary 15:49, 16 October 2006 (UTC)

SIGH! If you take a look at talk I've linked to the source code of the commercial version. The code is open for everyone to read and validate. The licence doesn't really matter for security, as long as the code is available.

The claims made by Lee Daniel Crocker is _biased_ (!)

I made no claims whatsoever. I reported that what OpenSSH folks claim--and they really do claim this--that openness is important to security. That's a simple statement of fact, that a certain group of people make a certain claim. That's true, unbiased, and I think relevant and important to the article. Whether or not the claim is true is a side issue--if you want to say something about that, go ahead. --LDC

He may have a point though, e.g., if the SSH licence doesn't permit distribution of patches or versions with security fixes applied.

"except that You may create patches, bug fixes and additional features and bundle or distribute the Software with certain operating systems as specified above;"

You are explicitly allowed to create and bundle with patches.

STOP deleting the openness=security claim, dammit. The claim is made, it's important, and it should be reported. I'm glad that you also want to criticize the claim, but stop deleting it! As evidence for the importance of the claim, I quote exactly from the first item on the "features" page of OpenSSH:

Open Source Project : The OpenSSH source code is available free to everyone via the Internet. This encourages code reuse and code auditing. Code review ensures the bugs can be found and corrected by anyone. This results in secure code.

This is the very first feature they think is important to mention, and it the reflected in the very name of the product. This is relevant and significant and needs to be in the article. --LDC

The way its written now is excellent, the way it _was_ written didn't refere to the OpenBSD developers claim at all.

213.145.164.106 added the "grain of salt" comment. I've reworded the last paragraph to be a little less biased. Personally, I don't agree with it, but it would be nice if there were actually some real *numbers* to back up the claim of more "exploitable conditions". b4hand

Saying 'during the last year' isn't going to be terribly useful in a few months time, either. Do we know what time period it's actually referring to?

The text confuses general port forwarding and X11 forwarding, which are done slightly differently (X11 forwarding is somewhat intelligent). Also /etc/initd is somewhat os and even distribution specific? Some ssh defaults have changed over time to make it more secure, so a bit of review of this article might be in order. Kim Bruning 08:20, 10 Aug 2004 (UTC)

Information sources to be used in compiling information about the trademark dispute.

http://it.slashdot.org/article.pl?sid=01/02/14/1120247&tid=93 http://it.slashdot.org/article.pl?sid=01/02/16/0217209&tid=93 http://slashdot.org/article.pl?sid=01/03/22/1426236&tid=99 http://www.newsforge.com/article.pl?sid=01/02/16/1520247 http://news.com.com/Ssh+Dont+use+that+trademark/2009-1001_3-253102.html

I'll get around to using that information in a while. Janizary 19:01, 27 September 2005 (UTC)

Would be nice to talk about the prevalence of OpenSSH on public Internet servers: http://www.openssh.com/usage/. Nielsprovos 06:25, 15 April 2006 (UTC)

Well, since I cannot start a page without registering, I won't be doing a peer review. But I had been planning to until I found out about that. 65.95.124.5 22:37, 2 April 2006 (UTC)

I disagree, the misconception stems from OpenSSH's prevalence in the Unix world and it's dependence on OpenSSL and should thus be mentioned in both articles, thus helping to ensure and random reader looses said misconception. 74.13.31.42 22:52, 6 February 2007 (UTC)

Prevalence is irrevelent. This is an article about OpenSSH, not a place to provide information about OpenSSL. It belongs in OpenSSL. People have lots of stupid ideas, it doesn't mean they should be mentioned anywhere they can be squeezed in on the faintest pretext. If you can provide a specific example of where the OpenSSH/OpenSSL mix-up happened and affected OpenSSH, then it is relevent... do lots of people post bug reports or queries on OpenSSL to the OpenSSH lists? has an OpenSSH developer commented on it, negatively or humourously or whatever? NicM 08:12, 7 February 2007 (UTC).

In fact, I'd say it shouldn't even appear in OpenSSL, unless its had some effect on it too. NicM 08:18, 7 February 2007 (UTC).

On second thoughts, let's have it, but in a different place. NicM 09:32, 7 February 2007 (UTC).

http://bsd.slashdot.org/comments.pl?sid=180878&threshold=1&commentsort=0&mode=thread&cid=14966670 shows one of the many random shmucks that think OpenBSD's OpenSSH develops OpenSSL. 74.13.31.42 14:30, 7 February 2007 (UTC)

So? People believe lots of things, that doesn't mean it has any effect on the projects or that it is encylopedic. NicM 14:58, 7 February 2007 (UTC).

But it is good to clear these kinds of problems up where possible, listing said information helps stem the problem. 74.13.31.42 02:03, 8 February 2007 (UTC)

It's very cute but I can't find any non-Wikipedia mention of it - it's listed here as if it's a slogan. Is it an official slogan at all or did it just get put on Wikipedia. If so I don't think it's really encyclopedic content. —EatMyShortz 13:57, 30 May 2007 (UTC)

This is from the OpenBSD 3.0 release song. It is a mostly unofficial motto. See: http://www.openbsd.org/lyrics.html#30 Cmgross 17:05, 30 May 2007 (UTC)