Re: openssh version info bug or feature ?

["Steve M. Robbins" <steven.robbins@videotron.ca>]

On Thu, Feb 07, 2002 at 12:21:06AM +1100, Paul Hampson wrote:
> On Wed, Feb 06, 2002 at 08:11:44AM -0500, Anthony DeRobertis wrote:
> > >Either way, I don't see how this could be a security hole
> > >justifying any bug report higher than 'minor'.
> 
> > It would justify more than minor, but in the security 
> > scanner --- not in ssh.
> 
> Very true.
> 
> > I'd just worry that existing network audits will be thrown off 
> > by changing the version. I _do_ think we should change the 
> > version when we release a security fix, though. Or when we make 
> > major changes (not sure if we do for ssh).
> 
> That's pretty much it in a nutshell.
> 
> Will you (or someone else) be submitting a bugreport against
> ssh to that effect?

It's been done: #130876.  That reporter deemed it "critical"!

-S

-- 
by Rocket to the Moon,
by Airplane to the Rocket,
by Taxi to the Airport,
by Frontdoor to the Taxi,
by throwing back the blanket and laying down the legs ...
- They Might Be Giants