Bug#536182: rumours of openssh attack, upgrade sid?
* Thijs Kinkhorst:
> However, one consistent claim is that the "current version" of OpenSSH
> isn't affected. It would make sense to me to get at least unstable/sid
> updated with the most recent upstream version, as it wouldn't hurt. Do you
> as openssh maintainers think you can do this in the short term? This is at
> least some potentially mitigating action we can already take.
The last time we did something similar in the wake of an OpenSSH
vulnerability, we *introduced* the vulnerability. And I strongly
object to rumor-driven software development.
(This does not however invalidate any other reason why it an upload of
a new upstream version is warranted.)
Reply to: