Misplaced Pages

Talk:OpenSSH

Article snapshot taken from Wikipedia with creative commons attribution-sharealike license. Give it a read and then ask your questions in the chat. We can research this topic together.

This is an old revision of this page, as edited by Janizary (talk | contribs) at 15:49, 16 October 2006 (History). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Revision as of 15:49, 16 October 2006 by Janizary (talk | contribs) (History)(diff) ← Previous revision | Latest revision (diff) | Newer revision → (diff)
WikiProject iconCryptography: Computer science Unassessed
WikiProject iconThis article is within the scope of WikiProject Cryptography, a collaborative effort to improve the coverage of Cryptography on Misplaced Pages. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.CryptographyWikipedia:WikiProject CryptographyTemplate:WikiProject CryptographyCryptography
???This article has not yet received a rating on Misplaced Pages's content assessment scale.
???This article has not yet received a rating on the importance scale.
Taskforce icon
This article is supported by WikiProject Computer science.

Much better, now the bias is removed. :) Finally.

History

"After several meetings, Ylonen's request for a renaming of the protocol was denied, citing concerns that it would set a bad precedent for other trademark claims against the IETF. "

When was that meeting?—The preceding unsigned comment was added by 64.114.83.92 (talkcontribs) 2006-10-11T05:50:30.

The meeting was held on March 19th, 2001 in Minneapolis. The Meeting Notes contain a pretty basic overview of what happened in the working group meeting. niels 00:19, 16 October 2006 (UTC)
Thanks Niels, I'll try squeezing that link in the article. Janizary 15:49, 16 October 2006 (UTC)

SIGH

SIGH! If you take a look at talk I've linked to the source code of the commercial version. The code is open for everyone to read and validate. The licence doesn't really matter for security, as long as the code is available.

The claims made by Lee Daniel Crocker is _biased_ (!)

I made no claims whatsoever. I reported that what OpenSSH folks claim--and they really do claim this--that openness is important to security. That's a simple statement of fact, that a certain group of people make a certain claim. That's true, unbiased, and I think relevant and important to the article. Whether or not the claim is true is a side issue--if you want to say something about that, go ahead. --LDC

He may have a point though, e.g., if the SSH licence doesn't permit distribution of patches or versions with security fixes applied.


From the licence:

"except that You may create patches, bug fixes and additional features and bundle or distribute the Software with certain operating systems as specified above;"

You are explicitly allowed to create and bundle with patches.

STOP deleting the openness=security claim, dammit. The claim is made, it's important, and it should be reported. I'm glad that you also want to criticize the claim, but stop deleting it! As evidence for the importance of the claim, I quote exactly from the first item on the "features" page of OpenSSH:

Open Source Project : The OpenSSH source code is available free to everyone via the Internet. This encourages code reuse and code auditing. Code review ensures the bugs can be found and corrected by anyone. This results in secure code.

This is the very first feature they think is important to mention, and it the reflected in the very name of the product. This is relevant and significant and needs to be in the article. --LDC

The way its written now is excellent, the way it _was_ written didn't refere to the OpenBSD developers claim at all.

213.145.164.106 added the "grain of salt" comment. I've reworded the last paragraph to be a little less biased. Personally, I don't agree with it, but it would be nice if there were actually some real *numbers* to back up the claim of more "exploitable conditions". b4hand


Saying 'during the last year' isn't going to be terribly useful in a few months time, either. Do we know what time period it's actually referring to?

About time for some review

The text confuses general port forwarding and X11 forwarding, which are done slightly differently (X11 forwarding is somewhat intelligent). Also /etc/initd is somewhat os and even distribution specific? Some ssh defaults have changed over time to make it more secure, so a bit of review of this article might be in order. Kim Bruning 08:20, 10 Aug 2004 (UTC)


The trademark case

Information sources to be used in compiling information about the trademark dispute.

http://it.slashdot.org/article.pl?sid=01/02/14/1120247&tid=93 http://it.slashdot.org/article.pl?sid=01/02/16/0217209&tid=93 http://slashdot.org/article.pl?sid=01/03/22/1426236&tid=99 http://www.newsforge.com/article.pl?sid=01/02/16/1520247 http://news.com.com/Ssh+Dont+use+that+trademark/2009-1001_3-253102.html

I'll get around to using that information in a while. Janizary 19:01, 27 September 2005 (UTC)

Usage

Would be nice to talk about the prevalence of OpenSSH on public Internet servers: http://www.openssh.com/usage/. Nielsprovos 06:25, 15 April 2006 (UTC)

PR

Well, since I cannot start a page without registering, I won't be doing a peer review. But I had been planning to until I found out about that. 65.95.124.5 22:37, 2 April 2006 (UTC)

Categories: