On Sun, Jan 08, 2023 at 08:48:33AM -0500, Nico Kadel-Garcia wrote:
>
> There is a third party SRPM at:
> https://urldefense.proofpoint.com/v2/url?u=http-3A__rnd.rajven.net_centos_6_os_SRPMS_openssh-2D6.4p1-2D1cnt6.1.src.rpm&d=DwIBaQ&c=gRgGjJ3BkIsb5y6s49QqsA&r=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A&m=APF_X_sbP87-U3byu32i-cPT0N0xHPBEhLmLSTRjCbrt6c02NpZBAfu3Z0LoBDLm&s=RoFP8HoZRy6liEx_Q1o6LAJzDhmsdUjdbqtBPSwXUrI&e=
>
For the record, urldefence successfully obscures the fact that it points
to rnd.rajven.net which happens to be registered in Moscow, Russia, per
xttps://www.whois.com/whois/rajven.net
A year ago, I would have said, yay, thanks!
But after certain recent events, I say thank you, but no, thanks.
P.S.
It looks like my remaining option is to build openssh from OpenBSD "portable" sources.
P.P.S. to answer some comments:
- obsolete - only because you say so. like a mechanical bike, it does today what it did yesterday, users are happy.
- "so old" - like a grand-father's axe, most our SL6 machines hardware was upgraded 2-3 times by now, they run from SSDs on DDR3/DDR4 RAM machines.
- exception is VME processors - true Pentium-3 and Pentium-4 machines, fit for a museum. purported replacement ("core-2 duo" CPU) was a lemon (high mortality, all dead now). next purported replacement was okey, but went out of production too soon. "just replace it" people, should look at current prices for VME processors and VME hardware, then ask about delivery times, then come back with suggestions (and $$$).
- insecure - exactly where? ssh insecure? nfs insecure? https insecure (A+ score from SSLlabs)?
- "hide behind firewall!" - done, 1-2 layers of firewalls. external ssh and https access is required by function.
- VMs, containers - shuffle chairs in the titanic, does not address any of the issues above.
--
Konstantin Olchanski
Data Acquisition Systems: The Bytes Must Flow!
Email: olchansk-at-triumf-dot-ca
Snail mail: 4004 Wesbrook Mall, TRIUMF, Vancouver, B.C., V6T 2A3, Canada
|