Re: Proposal for removal of mICQ package
Michael Stone <mstone@debian.org> writes:
> On Sat, Feb 15, 2003 at 08:26:27PM +0100, Florian Weimer wrote:
>>The OpenSSH maintainers knowingly deceived the Security Team and
>
> No. They wouldn't say what the problem was, but they did not
> intentionally try to slip bad code past us.
But this was what they did, wasn't it? They pretty much hid that it
was almost a BSD-only issue, from a pragmatic point of view.
> Their handling of the situation might not have been what we might
> have wanted, but as far as I know they acted in good faith.
Well, I received insults when I was acting in good faith (and
initially, I was; I was trying to conceive an emergency plan for
protecting my constituency). Of course, good faith and a fair amount
of missing realism go hand in hand nicely. 8-)
However, I might regret some of the things I wrote back then because
they were a bit too harsh and unfair. After all, it's about software
I've never paid a dime for.
Maybe you don't feel deceived, fine for you; but I know that many
people felt betrayed during those days. Fortunately, this hasn't
delayed the embracing of OpenSSH by the traditional UNIX vendors.
Reply to: