[ILUG] openssh vulnerability

[Aidan Kehoe]

 Ar an 25u la de mi 6, scriobh Paul Jakma :

 > that'd be where the gist of message is: "noone gets advance notice of
 > the actual bug, but hey our new privsep code is cool everyone on
 > should upgrade to it"

Once details of the bug are released to bugtraq, attempts to exploit
the bug will increase exponentially. Advising that a bug exists and
enabling privsep will prevent an exploit is the responsible thing to
do, if no specific fix is available.

 > he has an agenda of wanting people to move to privsep, and is using 
 > this upcoming bug fix to force people to move to it. it seems.

Do you think he gives a shit[1] whether the wider world moves to
privsep or not?

 > > I for one happen to like the idea of getting warned about
 > > security holes... Don't you?
 > 
 > yes, Theo /isnt/ doing this. (well, other than advance notice he's 
 > going to publish details next week, and tough luck if you're not 
 > running priv sep).

Saying a security hole exists isn't warning about it? Hmm. I
disagree. 

 > oh, i do so like to be condescended to.

Keep it up, & it'll happen a whole lot more. 

Bye, 

	- Aidan
-- 
I'm not a pheasant plucker / I'm a pheasant plucker's son.
I'm just a'plucking pheasants / 'Til the pheasant plucker comes.

[1] If there are any people reading this offended by that, I'm
sorry. Are there not enough American lists for you, though?