[Gt-eos] GSI-OpenSSH Packages for Ubuntu

Frank Scheiner scheiner at hlrs.de
Tue May 21 16:07:00 CEST 2019 

Hi Mischa, Adam,

On 5/19/19 13:01, Mischa Salle wrote:
> On Thu, May 16, 2019 at 03:16:12PM +0200, Frank Scheiner wrote:
>> Would it be possible to include the GSI-OpenSSH patches into the "official"
>> OpenSSH source package ([3]) and produce a second set of server and client
>> packages in addition to the existing OpenSSH server and client packages
>> which link to the GSI libraries. This way the amount of duplication would be
>> reduced and limited to the binary packages only.
> I think this is probably not a good idea, the 'official' openssh is used
> by vastly more people and these patches are still rather specific to a
> subgroup.

Granted, but isn't that - add GSI to the standard OpenSSH package - in 
general what was proposed by Christoph Anton Mitterer in the Debian bug 
#687517 ([1])?

[1]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=687517

> 
>> [3]: https://salsa.debian.org/ssh-team/openssh
>>
>> And if Debian can afford to have three implementations of SSH clients
>> (openssh-client ([4]), lsh-client ([5]), putty-tools ([6])) with assumed
>> identical functionality, a fourth implementation with the added
>> functionality of X.509-like authentication shouldn't hurt too much. It more
>> hurts the users that they can't use GSI-OpenSSH on Debian/Ubuntu.
>>
>> UPDATE: There's also another SSH implementation available in Debian, the one
>> from Dropbear, though I assume this does not provide all the features of the
>> other mentioned implementations.
> I think that's a fair argument. Why not add another one that actually
> adds something? Aparently, having 3 or 4 is not a problem...

Yeah, we maybe should first put that argument forward.

> 
>> [4]: https://packages.debian.org/sid/openssh-client
>>
>> [5]: https://packages.debian.org/sid/lsh-client
>>
>> [6]: https://packages.debian.org/sid/putty-tools
>>
>> Apart from all that, why not providing pre-compiled GSI-OpenSSH packages for
>> Debian/Ubuntu ourselves in the meantime? Even more so when we already have
>> the packaging meta data ready.
> This indeed seems to be the first thing to do.
> And if travis-ci can't do it, then the open buildservice could do it.

@Adam:
Is that (GSI-OpenSSH packages for Debian/Ubuntu) something you would 
like to setup?

@all:
The question is, how much effort it takes to adapt the patches for 
Fedora/EPEL to apply to Debian/Ubuntu.

Cheers,
Frank

-- 
Frank Scheiner

High Performance Computing Center Stuttgart (HLRS)
Department Project User Management & Accounting

Email: scheiner at hlrs.de
Phone: +49 711 685 68039

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2293 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mailman.egi.eu/pipermail/discuss/attachments/20190521/d340d65c/attachment.p7s>

More information about the discuss mailing list