[svlug] OpenSSH source may be trojaned, unless...
Bruce O. Benson
benson at tux.org
Thu Aug 1 13:33:51 PDT 2002
On Thu, 1 Aug 2002, Drew Bertola wrote:
> That's the silliest conclusion I've ever read on this list, specially
> from a security SIG co-chair. Running Debian has nothing to do with
> being OK. Think about it first.
See my other post, but that's a conclusion you're making, not me. I made a
statement of fact, regardless of what you read into it afterwards. I stated
a single condition of sufficiency for safety based on what I had at hand.
No statement including or excluding any other distro was made, not to
diminish any of those fine software products by my exclusion.
I don't mind finding out who will rabidly grab the gasoline after projecting
their own conclusions into my statements, so thanks for the (additional)
datapoint.
> Let's say Sue runs Debian, but she just downloaded, built, and
> installed the trojaned openssh. Is she ok?
"apt-get install source ssh" retrieves safe non-trojaned OpenSSH source. So
yes, Sue's OK.
BB.
--
Bruce O. Benson, Co-Chair,
NovaLUG Security SIG.
mailto:benson at tux.org | http://novalug.tux.org
More information about the svlug
mailing list