Date: Thu, 6 Mar 2025 09:59:21 +0100
To: cygwin AT cygwin DOT com
Subject: Re: Cygwin OpenSSH version detection by Tenable
From: Corinna Vinschen via Cygwin

On Mar 5 20:49, Dimitry Andric via Cygwin wrote:
> In my opinion, it is wrong that scanners rely on this information. :-)

Exactly.

> I guess something similar could be done in the Cygwin package. This is
> up to the Cygwin maintainers of course.

And that doesn't change if some distros tweak their identification string but others don't. Fedora, for instance, doesn't do that either. So a security scanner relying on that is simply wrong.

Cygwin's OpenSSH package is from the stock sources without local change for ages, since Cygwin is one of the supported upstream platforms. Any necessary change will go upstream, so that the Cygwin version can be built from stock upstream again.

Corinna
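An added example, not part of the original message and not code from Cygwin, OpenSSH or Tenable: a triage helper that splits an SSH identification string into its RFC 4253 fields and reports how little a banner-derived version finding establishes on its own. The banner values are constructed, and the function names and triage labels are hypothetical.

```python
import re

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion SP comments CR LF".
# softwareversion is printable US-ASCII without whitespace or the minus sign.
_BANNER = re.compile(
    r"^SSH-(?P<proto>[0-9.]+)-(?P<software>[\x21-\x2c\x2e-\x7e]+)"
    r"(?: (?P<comment>[\x20-\x7e]*))?$"
)
_OPENSSH = re.compile(r"^OpenSSH_(?P<version>\d+\.\d+(?:\.\d+)?(?:p\d+)?)")

# Constructed sample banners: stock style, one with a made-up vendor comment,
# and one from a made-up non-OpenSSH server.
SAMPLES = [
    b"SSH-2.0-OpenSSH_9.9\r\n",
    b"SSH-2.0-OpenSSH_9.6p1 ExampleDistro-3\r\n",
    b"SSH-2.0-OtherServer_1.0\r\n",
]


def parse_banner(raw: bytes) -> dict:
    """Split an SSH identification string into its RFC 4253 fields."""
    if len(raw) > 255:  # RFC 4253 limit, CR LF included
        raise ValueError("identification string longer than 255 bytes")
    line = raw.rstrip(b"\r\n").decode("ascii")  # non-ASCII raises ValueError
    m = _BANNER.match(line)
    if m is None:
        raise ValueError(f"not an SSH identification string: {line!r}")
    fields = m.groupdict()
    ver = _OPENSSH.match(fields["software"])
    fields["openssh_version"] = ver.group("version") if ver else None
    return fields


def triage(raw: bytes) -> str:
    """Label a banner-based finding (labels are this example's own heuristic)."""
    f = parse_banner(raw)
    if f["openssh_version"] is None:
        return "unknown-software: banner says nothing about OpenSSH"
    if f["comment"]:
        # A comment field hints at a vendor build; the banner still cannot
        # show which fixes that build contains.
        return "vendor-build: check the distro package revision"
    # Stock banner, as the message describes for Cygwin and Fedora.
    return "stock-banner: confirm the installed package version on the host"


if __name__ == "__main__":
    for banner in SAMPLES:
        print(banner.strip().decode("ascii"), "->", triage(banner))
```
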