[plug] file transfer performance linux/windows and filezilla
William Kenworthy
billk at iinet.net.au
Wed May 12 07:25:40 WST 2004
On Wed, 2004-05-12 at 06:23, Denis Brown wrote:
> How embarrassing.
yep ... :)
> <slightly off-thread>
> I see that OpenSSH is now at release 3.8p1 (portability branch) so the
> Debian 3.4p1-1.woody would seem to be a bit elderly. However this might
> not be true, given that Debian and other distros seem to offer patches for
> existing releases. Thus 3.4p1-1.woody might be much closer to 3.8p1 than
> the figures would suggest. How do the from-source distibutions such as
> gentoo and crux deal with this? Patching or outright fresh versions?
> </slightly o-t>
>
> Cheers,
> Denis
Why bother doing the patch dance?
gentoo just makes the latest fix release from the upstream source stable
after a suitable test period (very short if a serious security bug)
openssh 3.8.1_p1 is marked "~x86" and is in testing ready to go. gentoo
does patch, usually for functionality, rarely for security (though
kernels seem to be an exception to that) as the upstream source almost
always does that for you - its just gotta be tested first.
rattus root # emerge openssh -s
Searching...
[ Results for search key : openssh ]
[ Applications found : 1 ]
* net-misc/openssh
Latest version available: 3.8_p1
Latest version installed: 3.8_p1
Size of downloaded files: 934 kB
Homepage: http://www.openssh.com/
Description: Port of OpenBSD's free SSH release
License: as-is
rattus root # ACCEPT_KEYWORDS="~x86" emerge openssh -s
Searching...
[ Results for search key : openssh ]
[ Applications found : 1 ]
* net-misc/openssh
Latest version available: 3.8.1_p1
Latest version installed: 3.8_p1
Size of downloaded files: 939 kB
Homepage: http://www.openssh.com/
Description: Port of OpenBSD's free SSH release
License: as-is
Also, not sure how widespread the "knowledge" about checking gentoo for
sec updates is, but try emerge'ing gentools and run "glsa-check -l" to
check your system against all released security updates - still
experimental, but looks good so far.
One of the problems I see with binary distros is that patching older
code seems to create confusion - If see ssh 3.4 and immediately think
"insecure", and have to start looking up package versions to make sure
its ok. With gentoo, you can usually (except for kernels) go by the
upstream providers bug<->version map to see if you are vulnerable or
not. Much cleaner in IMHO.
For gentoo'ans, its also its possible to get the install history via
"genlop":
rattus root # genlop openssh
* net-misc/openssh
Thu Dec 26 16:44:02 2002 --> net-misc/openssh-3.5_p1
Fri Dec 27 10:43:18 2002 --> net-misc/openssh-3.5_p1
Wed Jan 8 00:17:11 2003 --> net-misc/openssh-3.5_p1
Fri Jan 17 04:50:57 2003 --> net-misc/openssh-3.5_p1
Sat May 3 07:49:17 2003 --> net-misc/openssh-3.6.1_p2
Sat Aug 16 03:12:26 2003 --> net-misc/openssh-3.6.1_p2
Mon Aug 25 21:02:28 2003 --> net-misc/openssh-3.6.1_p2
Wed Sep 17 20:50:50 2003 --> net-misc/openssh-3.7.1_p1
Thu Sep 18 18:57:43 2003 --> net-misc/openssh-3.7.1_p1
Wed Sep 24 06:52:00 2003 --> net-misc/openssh-3.7.1_p2
Mon Dec 8 09:41:09 2003 --> net-misc/openssh-3.7.1_p2-r1
Sat Feb 28 10:34:08 2004 --> net-misc/openssh-3.7.1_p2-r2
Mon Mar 29 23:35:09 2004 --> net-misc/openssh-3.7.1_p2-r2
Sat Apr 3 11:18:11 2004 --> net-misc/openssh-3.7.1_p2-r2
Fri Apr 30 22:24:33 2004 --> net-misc/openssh-3.8_p1
More information about the plug
mailing list