Bug#154788: boot-floppies,www.debian.org: release notes give incorrect advice to ssh users, and attempt to subvert the package maintainer
On Mon, Jul 29, 2002 at 11:57:39PM +0100, Matthew Vernon wrote:
> Package: boot-floppies,www.debian.org
> Version: N/A; reported 2002-07-29
> Severity: critical
> Tags: security
> Justification: breaks unrelated software
>
> Hi,
>
> The paragraph:
>
> "Please note that the ssh package in this release enables root logins
> by default. (Disabled in 2.2) If you do not need this feature for
> remote access to your system you should ensure that the
> PermitRootLogin option in /etc/ssh/sshd_config is set to no after
> upgrade for security reasons. To ensure dpkg never updates the file to
> match new defaults, you can simply modify the file locally. Adding a
> blank line is enough."
This idea was originally added to the potato release notes in
7/24/2000 by joy (CVS revision 1.47). I guess it would have been
better for you to review them earlier, it's just been carried forward
ever since.
robster@debian.org is your contact.
--
*------v--------- Installing Debian GNU/Linux 3.0 --------v------*
| <http://www.debian.org/releases/woody/installmanual> |
| debian-imac: <http://debian-imac.sourceforge.net> |
| Chris Tillman tillman@voicetrak.com |
| To Have, Give All to All (ACIM) |
*----------------------------------------------------------------*
--
To UNSUBSCRIBE, email to debian-www-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: