Upcoming OpenSSH vulnerability (fwd)

Philip J. Koenig pjklist
Mon May 17 11:33:56 PDT 2004


On 25 Jun 2002, at 16:38, Net Llama! boldly uttered: 

> On Tue, 25 Jun 2002, Philip J. Koenig wrote:
> 
> > There has been a heated discussion on this over in the FreeBSD
> > security list, suffice to say that Theo's obnoxious attitude doesn't
> > help matters.  Nonetheless this is important info:
> 
> The way I see it, if you write a heaping hunk of code that thousands, if
> not millions of people use on a daily basis, you can be as obnoxious as
> you like.


I have an extremely different view of life: as far as I'm concerned, 
there is no excuse, no time, nowhere for *anyone* to be an obnoxious 
S.O.B., and I don't care if you're the president, the pope, or god. 
(assuming you believe in the latter)

DeRaadt sat on the FreeBSD security list, and blustered, and cussed, 
and berated people for asking questions, basically anyone who didn't 
accept his dictum as gospel.

After all of these predictions of doom-and-gloom coming from him, and 
after listening to him pull a Microsoft - not divulging any details 
on this vulnerability (contrary to the guiding philosophy in the 
majority of the open-source security community), spreading FUD, 
scaring people into thinking they were going to get rooted through 
this thing unless they upgraded to this new and relatively untested
functionality (privilege separation)... it is now coming out (no 
thanks to DeRaadt) that the version that most people are currently 
running in FreeBSD is NOT VULNERABLE.

Just like some people wondered when his blustering first started, it 
appears possible that some of this may just have been a good excuse 
to force everyone to upgrade.

Most FreeBSD users are a little different than typical Linux users - 
they don't like to be on the bleeding edge just to be on the bleeding 
edge - they want to make sure changes are well-tested and relatively 
trouble-free.  Such FUD from vendors does not play well in that
community.



--
Philip J. Koenig                                       pjklist at ekahuna.com
Electric Kahuna Systems -- Computers & Communications for the New Millenium



