Bug#536182: rumours of openssh attack, upgrade sid?

To: "Thijs Kinkhorst" <thijs@debian.org>
Cc: 536182@bugs.debian.org, team@security.debian.org
Subject: Bug#536182: rumours of openssh attack, upgrade sid?
From: Florian Weimer <fw@deneb.enyo.de>
Date: Wed, 08 Jul 2009 09:17:59 +0200
Message-id: <[🔎] 8763e363tk.fsf@mid.deneb.enyo.de>
Reply-to: Florian Weimer <fw@deneb.enyo.de>, 536182@bugs.debian.org
In-reply-to: <[🔎] a58abf67809e9f7191b86df192bd2ff8.squirrel@wm.kinkhorst.nl> (Thijs Kinkhorst's message of "Wed, 8 Jul 2009 09:03:15 +0200")
References: <[🔎] a58abf67809e9f7191b86df192bd2ff8.squirrel@wm.kinkhorst.nl>

* Thijs Kinkhorst:

> However, one consistent claim is that the "current version" of OpenSSH
> isn't affected. It would make sense to me to get at least unstable/sid
> updated with the most recent upstream version, as it wouldn't hurt. Do you
> as openssh maintainers think you can do this in the short term? This is at
> least some potentially mitigating action we can already take.

The last time we did something similar in the wake of an OpenSSH
vulnerability, we *introduced* the vulnerability.  And I strongly
object to rumor-driven software development.

(This does not however invalidate any other reason why it an upload of
a new upstream version is warranted.)

Reply to:

References:
- Bug#536182: rumours of openssh attack, upgrade sid?
  - From: "Thijs Kinkhorst" <thijs@debian.org>

Prev by Date: Bug#536182: rumours of openssh attack, upgrade sid?
Next by Date: Bug#536182: rumours of openssh attack, upgrade sid?
Previous by thread: Bug#536182: rumours of openssh attack, upgrade sid?
Next by thread: Bug#536182: rumours of openssh attack, upgrade sid?
Index(es):
- Date
- Thread