Re: Debian openssh option review: considering splitting out GSS-API key exchange

[Colin Watson <cjwatson@debian.org>]

[Dropping CC to the upstream mailing list.]

On Fri, Sep 27, 2024 at 04:56:21PM +0700, Arnaud Rebillout wrote:
> On 30/08/2024 17:11, Colin Watson wrote:
> > This is now implemented in Debian unstable.  I called the packages
> > openssh-client-gssapi and openssh-server-gssapi, with the intention of
> > splitting out both GSS-API authentication and key exchange support
> > later: that is, in trixie+1 I intend to build openssh without
> > --with-kerberos5 as well as dropping the key exchange patch from the
> > main packages, and you'd have to use openssh-*-gssapi for either
> > function.
> 
> I need clarification please. If I want to retain GSS-API support, should I:
> 
> 1) install only openssh-client-gssapi (assuming it will provide the full
> client + support for GSS-API, and maybe conflict with openssh-client)
> 
> 2) install openssh-client + openssh-client-gssapi (assuming
> openssh-client-gssapi will only contain extra libraries that will be loaded
> by the ssh client, and maybe will NOT even depend on openssh-client, who
> knows)
> 
> My understanding at the moment is that it's going to be option 1), but I'd
> like to make sure.

Option 1 is correct.  At some point in the future it will probably
conflict with openssh-client; at present it only depends on it.

-- 
Colin Watson (he/him)                              [cjwatson@debian.org]