[svlug] [bugzilla@redhat.com: [RHSA-2002:127-18] Updated OpenSSH packages fix various security issues]

Marc MERLIN marc_news at vasoftware.com
Tue Jul 2 07:34:26 PDT 2002


On Mon, Jul 01, 2002 at 09:59:59PM -0700, J. Paul Reed wrote:
> > http://www.debian.org/security/2002/dsa-134
> 
> Right... because Debian doesn't have to worry about pesky things like
> backwards compatibility (compression and PAM-support) and making sure their
> software is tested and... oh, let's say actually WORKS on the platforms
> they're required to support.
 
Actually, they went through much pain to test what they could before
releasing the packages. They also released packages for testing before they
released packages for stable.
 
> They just listen to whatever the self-serving developer (note: singular)
> wants them to do without evaluating all the facts (which they didn't even
> have at the time) and thinking about the possible (non)impact for their
> users.

I talked to some of them and was on the appropriate debian channel when this
happened. It's a damned if you do, damned if you don't situation.
Red Hat got a lot of flak for not releasing a package earlier, although I do
agree with the position they took.
Debian released packages for those who wanted them, along with appropriate
warnings.
I chose to tell Theo to stick it and did not install them.

Marc
-- 
"A mouse is a device used to point at the xterm you want to type in" - A.S.R.
Microsoft is to operating systems & security ....
                                      .... what McDonalds is to gourmet cooking 
Home page: http://marc.merlins.org/   |   Finger marc_f at merlins.org for PGP key


