[Info-vax] Viewing SSH users on VMS

Thu Sep 5 13:30:45 EDT 2024

On Sat, 27 Jul 2024 19:20:00 -0400, Arne Vajhøj wrote:

> On 7/27/2024 7:13 PM, Chris Townley wrote:
>> On 28/07/2024 00:03, Arne Vajhøj wrote:
>>> On 7/27/2024 6:36 PM, Lawrence D'Oliveiro wrote:
>>>> On Sat, 27 Jul 2024 16:58:34 -0400, Arne Vajhøj wrote:
>>>>> VSI obvious can and probably should add it to the VMS port.
>>>>
>>>> For “port” read “fork”.
>>>>
>>>> Unless these sorts of changes get accepted upstream, you end up with
>>>> the burden of maintaining your own parallel version, and keeping up
>>>> with upstream developments.
>>>>
>>>> Somehow, I don’t think they have the resources for that.
>>>
>>> For a product that is important security wise it makes sense to keep
>>> up.
>>>
>>> And I don't think it should be that bad. 30 years ago one would create
>>> and reapply diffs. Today I believe Git can handle it.
>> 
>> It does worry me a bit that VSI are making their own versions of these
>> packages, rather than putting them back into the packages as VMS
>> variants, that they will maintain within the package. Surely that would
>> imply commitment to the package, as well as the platform
> 
> It makes sense for VSI to provide builds of something like OpenSSH and
> ship with VMS. It is expected functionality and "go get something from
> the internet" may not work well for all VMS customers.
> 
> Ideally the VMS changes should be sent upstream so that VMS is an
> out-of-the-box supported platform.
> 
> But there can be many reasons why that may not have happened.
> Maybe VSI did not prioritize it. Maybe the upstream project rejected the
> VMS changes.
> 
> My understanding is that VMS support and upstream projects are not
> always easy. Sometimes it requires diplomacy at a high level.
> 
> But VSI should definitely try.
> 
> Arne

One concern I have had as of late is the lack of even just a published 
source tarball for some of these projects - which are GPL licensed. 

I'm told that part of the reason they don't just blast it up on github is 
they don't have the resources/people to manage external pull requests and 
the like - which sounds entirely bogus to me. Microsoft has dumped tons of 
historic source code on github and set the project repo to "archive"  mode 
which means it's read only and no one can submit any requests, post 
anything, open issues, etc - effectively just publishing a source tarball 
on a download link without having to host it or pay for the resources 
yourself. 

Supposedly you can email them and ask, and receive the source that way, 
but that's a bit of a burden and very redhat-esque (Except in red hat's 
case, you can get access to bulk download SRPMs for free after jumping 
through some hoops). 

I'd think doing something like that would ease all of my concerns 
regarding licensing entirely - nevermind the chance to study some of the 
differences and methods used for porting the software in the first place 
that could be applied to other projects/software......