On Mar 5 20:49, Dimitry Andric via Cygwin wrote: > In my opinion, it is wrong that scanners rely on this information. :-)
Exactly. > I guess something similar could be done in the Cygwin package. This is > up to the Cygwin maintainers of course. And that doesn't change if some distros tweak their identification string but others don't. Fedora, for instance doesn't do that either. So a security scanner relying on that, is simply wrong. Cygwin's OpenSSH package is from the stock sources without local change for ages, since Cygwin is one of the supported upstream platforms. Any necessary change will go upstream, so that the Cygwin version can be built from stock upstream again. Corinna -- Problem reports: https://cygwin.com/problems.html FAQ: https://cygwin.com/faq/ Documentation: https://cygwin.com/docs.html Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple
