allowing zlib compresison is a server side risk.

delaying compression until the user is authenticated reduces
the server side risk.

i don't see why the code should change.

if it's a problem, then only in the documentation:

Compression
Specifies whether compression is allowed, or delayed until the
user has authenticated successfully. The argument must be
``yes'', ``delayed'', or ``no''. The default is ``delayed''.

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
http://www.mindrot.org/mailman/listi...enssh-unix-dev