Date: Thu, 6 Mar 2025 09:59:21 +0100
To: cygwin@cygwin.com
Subject: Re: Cygwin OpenSSH version detection by Tenable
Message-ID: <Z8lj6aZTX26v_H9j@calimero.vinschen.de>
Mail-Followup-To: cygwin@cygwin.com
References: <PH0PR84MB18364E960950D1F0C2080315A5CB2@PH0PR84MB1836.NAMPRD84.PROD.OUTLOOK.COM>
 <19A5E907-7DDF-4FB8-9004-0C8A6B269C1A@unified-streaming.com>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <19A5E907-7DDF-4FB8-9004-0C8A6B269C1A@unified-streaming.com>
From: Corinna Vinschen via Cygwin <cygwin@cygwin.com>
Reply-To: cygwin@cygwin.com
Cc: Corinna Vinschen <corinna-cygwin@cygwin.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

On Mar  5 20:49, Dimitry Andric via Cygwin wrote:
> In my opinion, it is wrong that scanners rely on this information. :-)

Exactly.

> I guess something similar could be done in the Cygwin package. This is
> up to the Cygwin maintainers of course.

And that doesn't change if some distros tweak their identification
string but others don't.  Fedora, for instance, doesn't do that either.
So a security scanner relying on that is simply wrong.

Cygwin's OpenSSH package is from the stock sources without local change
for ages, since Cygwin is one of the supported upstream platforms.  Any
necessary change will go upstream, so that the Cygwin version can be
built from stock upstream again.


Corinna

