[ale] Another SSH Release?

Kenneth W Cochran kwc at world.std.com
Wed Sep 17 00:55:36 EDT 2003


>From: Jonathan Rickman <jonathan at xcorps.net>
>To: Atlanta Linux Enthusiasts <ale at ale.org>
>Subject: Re: [ale] Another SSH Release?
>Date: Wed, 17 Sep 2003 00:08:03 -0400
>
>On Tuesday 16 September 2003 23:20, Chris Ricker wrote:
>> On Tue, 16 Sep 2003, Jonathan Rickman wrote:
>> > Not sure what's going on, since the developers remain silent.
>>
>> Not entirely silent. The advisory at
>> <http://www.openssh.com/txt/buffer.adv> was updated....
>
>I'm referring more to their lack of official public announcement.
[...]
>>From http://www.openbsd.org/security.html
>
>"Like many readers of the BUGTRAQ mailing list, we believe in full
>disclosure of security problems. [...]
>
>turnaround is possible. Thus we think that full disclosure helps the
>people who really care about security."
>
>...this quote demonstrates a willingness to talk the talk. But they seem
>to be failing to deliver on the other part of the cliche. Again, I
>appreciate the work these guys do. They have arguably had as much impact
>on the state of security in the Open Source world as anyone out there (if
>not more). But again, they do seem to be placing a higher priority on the
>security of their egos as of late.
>
>--
>Jonathan Rickman
>Key ID: 0DF501FF

Can't say I disagree with you.  That said, maybe, as
mentioned in a previous message, this took them by surprise
right after a very long workday.  But then again, maybe I
don't, umm, know the "personalities" very well.  ;)

FreeBSD as well has announced a fix for this, with a
related Advisory, but I've also read that wasn't the only
glitch & other patch(es)/update(s) is coming soon, along
with an updated Advisory.

As a well-respected sysadmin I know has said, "the fun
never ever stops..."

-kc



More information about the Ale mailing list