Marc SCHAEFER wrote:
>
> To avoid this, there seem to be two approaches:
>
>    - remove those dependencies (see below)
>
>    - confine the impact of those dependencies, as proposed
>      by some developers, in having those dependencies confined
>      (not examined here)
>
> To solve this, I could use a Bastion host with a limited, non-Debian,
> OS, or I could recompile the OpenSSH package on Debian with options
> disabled.
>
> What do you think about this approach?

It's fine, but it changes your methodology from "the Debian Security Team works for me and supplies new packages pretty quickly" to "I need to be my own security team, and understand what's going on with each upstream change." Not everyone wants that, but Debian should (and does) provide the tools you need to do it your way.

-dsr-