jtesta / ssh-audit

SSH server & client security auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc)
MIT License

suggested new ssh-audit version scheme #255

Closed perkelix closed 3 months ago

perkelix commented 3 months ago

In its current form, ssh-audit merely increases the second digit in its version number at every release, e.g. 3.x.0.

A more useful numbering scheme would match the supported OpenSSH version, followed by the ssh-audit release, e.g. 9.7.1 supports up to OpenSSH 9.7 features and is the first ssh-audit release to support it.

jtesta commented 3 months ago

v2.3.1 was released a month after v2.3.0 since an important oversight was made (see https://github.com/jtesta/ssh-audit/releases/tag/v2.3.1). So the full version format is indeed still useful.

Additionally, with the myriad of UNIX distros packaging ssh-audit, updating the version format can realistically break their monitoring systems (they continuously watch https://github.com/jtesta/ssh-audit/releases/ for new versions).

The cons outweigh the pros of changing the version format at this time.