Re: openssh version info bug or feature ?
On Thu, Feb 07, 2002 at 12:21:06AM +1100, Paul Hampson wrote:
> On Wed, Feb 06, 2002 at 08:11:44AM -0500, Anthony DeRobertis wrote:
> > >Either way, I don't see how this could be a security hole
> > >justifying any bug report higher than 'minor'.
>
> > It would justify more than minor, but in the security
> > scanner --- not in ssh.
>
> Very true.
>
> > I'd just worry that existing network audits will be thrown off
> > by changing the version. I _do_ think we should change the
> > version when we release a security fix, though. Or when we make
> > major changes (not sure if we do for ssh).
>
> That's pretty much it in a nutshell.
>
> Will you (or someone else) be submitting a bugreport against
> ssh to that effect?
It's been done: #130876. That reporter deemed it "critical"!
-S
--
by Rocket to the Moon,
by Airplane to the Rocket,
by Taxi to the Airport,
by Frontdoor to the Taxi,
by throwing back the blanket and laying down the legs ...
- They Might Be Giants
Reply to: