[svlug] Re: OpenSSH vulnerability (Where's the beef?)

[J. Paul Reed]

On Wed, 26 Jun 2002, Ira Abramov wrote:

> consider how lucky we are that the ssh is an open protocol and has
> several different implementations to rely on in a time of need. consider
> the fact the developers found the hole and are working hard on plugging
> it before even a single break-in was announced. Theo did the right
> thing, you bet.

No, the right thing would've been less privsep marketing in the
vulnerability announcement, and more information about the problem, why
they're handling it the way they are, and their exact course of action in
terms of how, when, and why they will release a new version... even what
*you've* provided (or quoted) would've been an acceptable level of
information.

Maybe the larger issue is that Theo has problems communicating effectively
with his user base, which is certainly possible.

That's a problem for a lot of engineers.

Later,
Paul
    --------------------------------------------------------------------
    J. Paul Reed              preed at sigkill.com || web.sigkill.com/preed
    Nothing satisfies more than a post-coital omelet of your own design.
                           -- Will Farrell, Saturday Night Live, 5/18/02