
Re: ssh "banner"



On Fri, Oct 18, 2002 at 03:50:12PM +0200, przemolicc@poczta.fm wrote:

> > You can, however, recompile and get rid of the "Debian 1:3.4p1-1" part...
> 
> Why isn't it done by default?

9-12 months down the road (or whenever the next exploit in OpenSSH is
found), Debian will likely backport the fix into the current version
rather than upgrading entirely. I assume the "Debian" part of the
banner is to help us defend ourselves against local security folks
doing SSH scans and freaking out whenever they see any version less
than 3.secure -- we point them to the DSA, show that the fix is in the
Changelogs, etc.

In a perfect world, those folks would have already read the above
supporting material and they wouldn't bug us at all.

-- 
Mike Renfro  / R&D Engineer, Center for Manufacturing Research,
931 372-3601 / Tennessee Technological University -- renfro@tntech.edu


