[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [Fwd: ISS Advisory: OpenSSH Remote Challenge Vulnerability]

I don't see a better way of handling the OpenSSH announcement. More details or a patch would have allowed people to start writing exploits, at least they warned users of an upcoming bug and provided a work around. The OpenSSH team had to communicate with many vendors and eventually the details would have leaked. While debian may have released patched ssh packages right away, how many thousands of users of other vendors out there wouldn't have had a patch?
The apache announcement was just a mess though...
-Greg
> *raises hand*
> 
> Both the Apache and OpenSSH announcements were done poorly, without
> any reasonable thought given to the user community.
> 
> They should be taken out and shot ;-) (IMHO).
> 
> -Anne
-- 
------SupplyEdge-------
Greg Hunt
800-733-3380 x 107
greg@supplyedge.com


-- 
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: