Mailinglist Archive: opensuse-security (499 mails)

[Stefan Eissing <stefan.eissing@xxxxxxxxxxxxx>]

Just for the record: I completely agree with Martin's statement
and his analysis of the mail he commented.

SuSE is doing a fantastic job and this mailing list and their
announcements are very supportive and informative. Thanks to all
involved!

Regards, Stefan

Am Donnerstag den, 27. Juni 2002, um 16:42, schrieb Martin Leweling:

> Hi,
>
> On Thursday 27 June 2002 16:17, Ryan Swenson wrote:
> > --- Redhat our neighbor handled this extremely well by putting 
> > this through
> > their QA teams and found that there were many many issues with 
> > 3.3; they
> > found that just by configuring counter-active options in the 
> > sshd.config
> > would prevent such exploits without making the mistake to have their
> > customers go to version 3.3 and not in many cases be able to support
> > backward compatibility.
>
> That's not QA. This is just what I call a wait-and-see approach.
> Red Hat just waited for the problem to go away, SuSE could have done
> that as well.
>
> ISS and the OpenBSD team are the ones you should blame, for their
> very vague and nebulous announcements.
>
> Anyway, SuSE's announcement was clear enough for me to decide not
> to upgrade in the first place but to firewall sshd instead, until 
> further
> clarification concerning the impact of the vulnerability. Personally,
> I trust my own intelligence enough to not rely on hand-holding from any
> vendor too much.
>
> I'll skip the rest of your mail since useless flames are not worth 
> repeating.
>
> Regards,
>   Martin
> --
> Martin Leweling
> Institut fuer Planetologie, WWU Muenster
> Wilhelm-Klemm-Str. 10, 48149 Muenster, Germany
>
> --
> To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
> For additional commands, e-mail: suse-security-help@xxxxxxxx
> Security-related bug reports go to security@xxxxxxx, not here