[pkg-fso-maint] Bug#495795: dropbear: please provide the scp binary

Luca Capello luca at pca.it
Wed Aug 20 13:42:36 UTC 2008 

Package: dropbear
Version: 0.51-1
Severity: wishlist

Hello,

according to the Debian changelog [1], dropbear in Debian doesn't ship
the scp binary, which is a problem when installed on embedded devices,
like the Openmoko FreeRunner (GTA02) [2].

Is there any specific reason the scp binary is not compiled in?
Installing openssh-client requires 2MB, which can be a problem on small
flash memories.

Thx, bye,
Gismo / Luca

PS, I cc:ed the pkg-fso-maint mailing list, since this bug directly
    concerns Openmoko users :-)

Footnotes: 
[1] the first and only occurrence is in version 0.48-1:
    =====
    dropbear (0.48-1) unstable; urgency=medium

      * New upstream release.
      * SECURITY: Improve handling of denial of service attempts from a single
        IP.

      * debian/implicit: update to revision 1.11.
      * new upstream release updates to scp from OpenSSH 4.3p2 - fixes a
        security issue where use of system() could cause users to execute
        arbitrary code through malformed filenames; CVE-2006-0225 (see also
        #349645); the scp binary is not provided by this package though.

     -- Gerrit Pape <pape at smarden.org>  Fri, 10 Mar 2006 22:00:32 +0000
    =====
[2] http://lists.alioth.debian.org/pipermail/pkg-fso-maint/2008-August/000006.html

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: armel (armv4tl)

Kernel: Linux 2.6.24 (PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages dropbear depends on:
ii  libc6                  2.7-13            GNU C Library: Shared libraries
ii  libgcc1                1:4.3.1-9         GCC support library
ii  zlib1g                 1:1.2.3.3.dfsg-12 compression library - runtime

dropbear recommends no packages.

Versions of packages dropbear suggests:
pn  openssh-client                <none>     (no description available)
pn  runit                         <none>     (no description available)

-- no debconf information
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 314 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-fso-maint/attachments/20080820/db0c44b0/attachment.pgp

More information about the pkg-fso-maint mailing list