
Bug#154788: boot-floppies,www.debian.org: release notes give incorrect advice to ssh users, and attempt to subvert the package maintainer



On Mon, Jul 29, 2002 at 11:57:39PM +0100, Matthew Vernon wrote:
> Package: boot-floppies,www.debian.org
> Version: N/A; reported 2002-07-29
> Severity: critical
> Tags: security
> Justification: breaks unrelated software
> 
> Hi,
> 
> The paragraph:
> 
> "Please note that the ssh package in this release enables root logins
> by default. (Disabled in 2.2) If you do not need this feature for
> remote access to your system you should ensure that the
> PermitRootLogin option in /etc/ssh/sshd_config is set to no after
> upgrade for security reasons. To ensure dpkg never updates the file to
> match new defaults, you can simply modify the file locally. Adding a
> blank line is enough."

This idea was originally added to the potato release notes on
7/24/2000 by joy (CVS revision 1.47).  I guess it would have been
better for you to review them earlier; it's just been carried forward
ever since.

robster@debian.org is your contact.

-- 
*------v--------- Installing Debian GNU/Linux 3.0 --------v------*
|      <http://www.debian.org/releases/woody/installmanual>      |
|        debian-imac: <http://debian-imac.sourceforge.net>       |
|            Chris Tillman        tillman@voicetrak.com          |
|                  To Have, Give All to All (ACIM)               |
*----------------------------------------------------------------*


