MIR for libssh

For those whom it may concern, I've uploaded the final 0.4.0 release to the archive tonight.

FWIW, I'd rather have this reviewed by Kees, since ssh is highly security sensitive.

I'm curious out the choice of libssh over libssh2. There seem to be some
licensing, speed, and thread-safety benefits with libssh2.

@Kees Cook: Looks like you read this FUD page on the libssh2 website. I don't want to start arguing here, the page is complete crap.

To make it simple:

KDE uses libssh and requires it for kio_sftp

@Kees: FYI, the commenter is upstream for both libssh and kio_sftp. All the GUI SFTP capability in KDE rests on kio_sftp and we certainly don't have the resources in the Kubuntu team to port to a different libssh, so I hope you'll be able to support this.

Oh good, it has the openssl license exception; thank you! Since this is effectively a crypto library, would it be possible to enable the test suite in "tests/" during the build to help catch any glitches when doing security or SRU updates? After that, I would +1 it.

Hello,

I work upstream for libssh. There is no way to activate the test suite in libssh for two good reasons:
-Libssh actually has no testsuite. The test/ directory is more meant as some code the authors (including me) wrote to test new features, but that code is not maintained and doesn't act as a testsuite. Such testsuite should be implemented, at least partially, with the next big libssh release.
-Even when this testsuite will be implemented, the use of the tests during compilation would not be a good idea in my opinion, because the tests will require a SSH server configured in a certain way. We could see for instances report of failed tests on systems without SSH server, or where the connection to localhost fails for trivial reasons.

I'd also add that libssh is not exactly a cryptographic library. Cryptography is done within libcrypto of libgcrypt depending how libssh is compiled. There are some functions in libssh that are worth unit-testing, like base64-{en|de}coding, Diffie-helman using libbignum, ...
We will try to provide tests that can run for them at compile time in next release.

Feel free to ask me if you have any other question.

Regards,

Aris

Okay, cool. +1 from me. It would be really helpful to have a testsuite that could run as a stand-alone during the build to catch regressions in the libssh functionality, but it's not required for this to go into main. Just a random feature request. :) Thanks!

promoted to main, thanks kees and Aris

Note, that now we have ability to run autopkgtests (DEP-8) and can have an ssh server running.