[ILUG] openssh vulnerability
kehoea at parhasard.net
Tue Jun 25 17:45:08 IST 2002
Ar an 25u la de mi 6, scriobh Paul Jakma :
> that'd be where the gist of message is: "noone gets advance notice of
> the actual bug, but hey our new privsep code is cool everyone on
> should upgrade to it"
Once details of the bug are released to bugtraq, attempts to exploit
the bug will increase exponentially. Advising that a bug exists and
enabling privsep will prevent an exploit is the responsible thing to
do, if no specific fix is available.
> he has an agenda of wanting people to move to privsep, and is using
> this upcoming bug fix to force people to move to it. it seems.
Do you think he gives a shit whether the wider world moves to
privsep or not?
> > I for one happen to like the idea of getting warned about
> > security holes... Don't you?
> yes, Theo /isnt/ doing this. (well, other than advance notice he's
> going to publish details next week, and tough luck if you're not
> running priv sep).
Saying a security hole exists isn't warning about it? Hmm. I
> oh, i do so like to be condescended to.
Keep it up, & it'll happen a whole lot more.
I'm not a pheasant plucker / I'm a pheasant plucker's son.
I'm just a'plucking pheasants / 'Til the pheasant plucker comes.
 If there are any people reading this offended by that, I'm
sorry. Are there not enough American lists for you, though?
More information about the ILUG