
Re: Critical: ssh-nonfree IS exploited



On Sun, Nov 11, 2001 at 12:43:11PM -0500, Stuart Krivis wrote:
> But, it's been pretty obvious that non-free is provided for the user's 
> convenience or to provide stepping stones to a completely free system 
> over time. That leaves it up to the maintainer of an individual non-free 
> package to make sure that the package won't allow the entire distro to 
> be compromised. If the maintainer can't or won't fix it or provide bold 
> warnings upon installation, then the package needs to be cut loose.

The maintainer *has* fixed it (for i386, at any rate) in
proposed-updates. The issue is that it needs to be available from
security.d.o and an advisory released, and the set of people with access
to do that is strictly limited.

(Not sure the relevant people read -user, but anyway ...)

-- 
Colin Watson                                  [cjwatson@flatline.org.uk]


