[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Thanks for the response on DSA-1571 OpenSSL vulnerability (was: ssl security desaster)

"Martin Langhoff" <martin.langhoff@gmail.com> writes:

> On Wed, May 28, 2008 at 11:13 AM, Colin Watson <cjwatson@debian.org> wrote:
> > I think everyone involved did a wonderful job, especially given
> > the appalling constraints they were under.
> A wonderful job indeed. *Thanks* from this corner of the world to
> the Debian + Ubuntu team involved. The efforts in getting it all
> done while balancing the maturity of the SSH blacklist patches &
> scripts vs risk have been excellent.

I've been very impressed with the response of the Debian people
involved in getting this widely understood and getting the tools in
place to help mitigate the disaster.

> It was a hard day for everyone else too, but it is clear that it would
> have been much worse without such careful handling of the situation.

Yes, the vulnerability has made my time as a sysadmin very harrowing;
quite apart from the exposure and legwork involved, there is great
loss of face in some quarters for having recommended Debian in the
first place.

In such cases where embarrassing loss of face has occurred, the *only*
thing that I've been able to concretely point to as an upside has been
the excellent, professional, well-coordinated response.

Thank you, Debian project.

 \      "Think for yourselves and let others enjoy the privilege to do |
  `\                       so too."  -- Voltaire, _Essay On Tolerance_ |
_o__)                                                                  |
Ben Finney

Reply to: