[svlug] OpenSSH source may be trojaned, unless...

Drew Bertola drew at drewb.com
Thu Aug 1 16:07:02 PDT 2002


On Thu, Aug 01, 2002 at 04:33:51PM -0400, Bruce O. Benson wrote:
> On Thu, 1 Aug 2002, Drew Bertola wrote:
> > Let's say Sue runs Debian, but she just downloaded, built, and
> > installed the trojaned openssh.  Is she ok?
> 
> "apt-get install source ssh" retrieves safe non-trojaned OpenSSH source.  So
> yes, Sue's OK.

Just to be argumentative beyond the point of useful (since everyone
else is doing it), this is not what you said.  I'm not nit-picking.
Your original conclusion was that those running Debian were OK.  I
wanted to point out that there was no inherent immunity to those
running Debian.

-- 
+---------------------- T h e C o o p . n e t ----------------------+
| Drew Bertola         Hosting - Colocation      Tel:  408-738-8337 |
| TheCoop.net      Programming - Administration  Mob:  408-887-0426 |
| drew at thecoop.net    Open Source Specialists    http://thecoop.net |
+-------------------------------------------------------------------+





More information about the svlug mailing list