was RE: [Dshield] more OpenSSH 'badness' now OT updating freebsdports via cvsup

Jeff Godin jeff at tcnet.org
Thu Sep 18 15:04:33 GMT 2003

On Thu, 18 Sep 2003, Lauro, John wrote:

> Isn't a p for pre?  What did you expect?

No. Not in the OpenSSH versioning scheme. The p in 3.7p1 and 3.7.1p1
stands for "portable".

OpenSSH is essentially part of OpenBSD. The OpenBSD team declares a
version number, such as 3.7 or 3.7.1. The OpenSSH Portabliity Team then
applies patches that allow OpenSSH to run on platforms other than OpenBSD,
and releases that as 3.7p1, 3.7.1p1, etc.

Roughly, if a bug in an OpenSSH version is discovered, 3.7 is patched and
the new release becomes 3.7.1.  If a bug in the porting process for a
version is discovered, the new release would be from 3.7.1p1 to 3.7.1p2.

Vendors also backport security fixes to prior versions of OpenSSH, often
adding a package revision to the end of the version string, though that
package revision usually doesn't make it into the OpenSSH version string
displayed on connect. (This complicates "there are N thousand machines on
the Internet still running an old version of OpenSSH" statistics, but
overall isn't a terrible thing.)

That's my understanding.

See http://www.openssh.com/portable.html for more details.


Jeff Godin
Network Specialist
Traverse Area District Library / Traverse Community Network
jeff at tcnet.org

More information about the list mailing list