[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: SSH with potato, not very secure?

Ethan Benson <erbenson@alaska.net> writes:
> > One reason why I did not install any security-updates to SSH1.1 is that on
> > the web page of www.debian.org they say that there is a remote exploit in
> > OpenSSH (DSA-027) but it is fixed in Debian 2.2 (potato) and that is the
> > one I installed. I did not think that I had to install all
> > security-updates as well, figured they would be in the install. Perhaps
> > that is something which should be clearly stated on the debian pages?
> 
> always install security updates, thats HOW debian fixes security
> problems. =20

That's all well and good if people know about security.debian.org.
I've been running debian for many years and only found out about it a
couple of weeks ago.  All this time I've been assuming that security
updates were merged into the "stable" branch, and as long as I
periodically ran dselect and [U]pdated and [I]nstalled the updates,
I'd be covered.  Since this appears to not be the case, is there
something that can be done to make this fact more readily apparent to
users?

--Bill.

-- 
William R Ward        hermit@bayview.com      http://www.bayview.com/~hermit/
-----------------------------------------------------------------------------
"Those are my principles. If you don't like them I have others."-Groucho Marx
Reply to: