[svlug] OpenSSH: one last note

J. Paul Reed preed at sigkill.com
Tue Jul 2 17:45:57 PDT 2002


This is an informational post only... I'm (mostly) leaving my rants at the
door. ;-)

Buried deep on Slashdot today was a link to the revised OpenSSH security
advisory, which contains a new section with the reasoning behind the
OpenSSH team's handling of the recent ChallengeResponseAuthentication bug.

You can judge their reasons for yourselves at:

http://www.openssh.org/txt/preauth.adv

I will say one thing about the majority of their reasons: they're
uninspiring, dubious excuses at best.

But, due to the fact that they actually took the time and effort to create
an addendum to the advisory, I'm sure they feel justified in how they
handled it. Translation: we can expect Theo to repeat his unacceptable
behavior when the next big feature (tm) he "needs" everyone to adopt comes
out.

Later,
Paul
    --------------------------------------------------------------------
    J. Paul Reed              preed at sigkill.com || web.sigkill.com/preed
    Nothing satisfies more than a post-coital omelet of your own design.
                           -- Will Farrell, Saturday Night Live, 5/18/02




More information about the svlug mailing list