#16911: git-core requiring macports' ssh on leopard, openssh security concern
---------------------------------+------------------------------------------
  Reporter:  bcbarnes@gmail.com  |       Owner:  macports-tickets@lists.macosforge.org
      Type:  defect              |      Status:  new
  Priority:  Normal              |   Milestone:  Port Bugs
 Component:  ports               |     Version:  1.6.0
Resolution:                      |    Keywords:
      Port:                      |
---------------------------------+------------------------------------------

Comment(by bcbarnes@gmail.com):

Replying to [comment:11 nox@…]:
> It's not in MacPorts policy to use a system software instead of the one provided by MacPorts itself, the only well-known exception is X11. I don't think we should make this exception for openssh too.

Well, I have no problem with *this port* using openssh installed by macports. To reiterate my original concern, it's that the combination of the installed binaries' names and the modification to $PATH by the macports' install script results in the system-wide default ssh being the macports' ssh, instead of Apple's ssh (again, by a default install of macports and git-core).

Perhaps a compromise could be reached by either changing the default order in $PATH, or the executable names of the openssh binaries (similar to how the gcc4x ports have binary names which do not conflict with the system compilers). The openmpi package also uses different binary names by default.

This being said, I'm just a macports user, and have no position to tell you all what to do. I just think this is a reasonable solution. When I use macports and find something not working as I would hope, I file a ticket and try to be constructive, instead of just complaining somewhere that "macports sucks". Macports is great. I want to continue using macports when possible for my third-party open source software installs, but continuing to subvert the system ssh by default would drive me away from macports for my git installation.

Is there a list somewhere which shows what other OS X /usr/bin or /bin executables may be trumped by a macports port install? I imagine something like emacs may be in such a list, but I think replacing the default emacs is much less scary than replacing ssh :)

Please consider the point of view of the security-paranoid end-user, busy IT admins, and people who do not often upgrade outdated ports when finalizing this change.

Thanks for reading.

--
Ticket URL: <http://trac.macports.org/ticket/16911#comment:13>
MacPorts <http://www.macports.org/>
Ports system for Mac OS
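
An added example, not part of the ticket or of MacPorts: a small shell audit for the question raised in the comment above, listing which executables in the system directories are overridden by a same-named executable in an earlier $PATH entry. The function names `first_in_path` and `shadowed_cmds` are hypothetical, and the use of `/opt/local/bin` as the MacPorts directory in the usage comment is an assumption about a default install.

```shell
#!/bin/sh
# Added example: report system executables that an earlier $PATH entry shadows.

# first_in_path NAME PATH_STRING
# Prints the first executable called NAME found while walking PATH_STRING in
# order (the one the shell would actually run). Returns 1 if none is found.
first_in_path() {
    _old_ifs=$IFS
    IFS=:
    for _dir in $2; do
        IFS=$_old_ifs
        # An empty PATH entry means the current directory.
        if [ -f "${_dir:-.}/$1" ] && [ -x "${_dir:-.}/$1" ]; then
            printf '%s\n' "${_dir:-.}/$1"
            return 0
        fi
    done
    IFS=$_old_ifs
    return 1
}

# shadowed_cmds PATH_STRING SYSTEM_DIR...
# For every executable in each SYSTEM_DIR, prints "winner<TAB>shadowed" when
# the file that PATH_STRING resolves to is not the system copy itself.
shadowed_cmds() {
    _path=$1
    shift
    for _sysdir in "$@"; do
        for _sysfile in "$_sysdir"/*; do
            [ -f "$_sysfile" ] && [ -x "$_sysfile" ] || continue
            _winner=$(first_in_path "${_sysfile##*/}" "$_path") || continue
            # Same file (including a symlink back to it): nothing is overridden.
            [ "$_winner" -ef "$_sysfile" ] && continue
            printf '%s\t%s\n' "$_winner" "$_sysfile"
        done
    done
}

# Usage on a live system (assumed directories):
#   shadowed_cmds "$PATH" /usr/bin /bin /usr/sbin /sbin
# A line such as "/opt/local/bin/ssh<TAB>/usr/bin/ssh" means a bare "ssh"
# runs the MacPorts binary rather than the system one.
```

Running it once with the current `$PATH` and once with the system directories moved to the front shows what changing the default order in `$PATH` would alter.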