Bug 1190921 - update tmate to 2.4
update tmate to 2.4
Status: NEW
Classification: openSUSE
Product: openSUSE Distribution
Classification: openSUSE
Component: Security
Leap 15.2
x86-64 openSUSE Leap 15.2
: P5 - None : Normal (vote)
: ---
Assigned To: Andreas Schneider
E-mail List
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2021-09-27 08:59 UTC by Bernhard Wiedemann
Modified: 2021-10-04 10:20 UTC (History)
2 users (show)

See Also:
Found By: Development
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Bernhard Wiedemann 2021-09-27 08:59:04 UTC
We run our own internal tmate server and I was thinking that upgrading tmate in Leap to 2.4 might be worth it.

Pro:
* MD5 has known collisions and it would be good to replace it with secure SHA256
* having 2.4 everywhere reduces friction for users:
  providing users with different fingerprint configs for 2.2.x and 2.4 is harder

Con:
* the way MD5 is used in tmate, might not be affected by collisions
* all users of custom tmate servers will need to update their configs
  - how do we notify them?


Alternatively, could we add a tmate24 package to Leap Update repos?