[ale] Another SSH Release?

Chris Ricker kaboom at gatech.edu
Wed Sep 17 07:45:44 EDT 2003


On Wed, 17 Sep 2003, Jonathan Rickman wrote:

> I'm referring more to their lack of official public announcement.

Oh definitely. As usual, it seems the FreeBSD announcements are the best 
documentation of OpenBSD / OpenSSH bugs ;-)

On the other hand, the way OpenSSH has handled this one is better than the
stunt they pulled in the past -- pre-announce that there's a bug that will
lead to widespread raping and pillaging of the Internet, not announce what
the bug is, then announce that there's a totally new, untested, unaudited
version that if you upgrade will provide partial protection against said
raping and pillaging. Once everyone's been blackmailed into beta-testing
their new software, then announce said bug, which in actual announcement is
revealed to be much more limited in scope than purported in their "sky is
falling!" pre-announcements....

Is it any wonder people are actively considering moving to other free 
implementations like lsh?

> Their relative silence on this is VERY disturbing if you ask me. At this 
> point I believe that they have every intention of burying this in the 
> hopes that everyone will just shut up about it. This will be the second 
> time this has happened. They largely succeeded in their last attempt.

Of course. Anything to avoid incrementing the precious default 
holes counter....

later,
chris


