RE: [suse-security] Re: [suse-security-announce] SuSE SecurityAnnouncement: OpenSSH (SuSE-SA:2002:023)
Like I said this list sucks! -----Original Message----- From: Stefan Eissing [mailto:stefan.eissing@greenbytes.de] Sent: Thursday, June 27, 2002 10:54 AM To: suse-security@suse.com Subject: Re: [suse-security] Re: [suse-security-announce] SuSE SecurityAnnouncement: OpenSSH (SuSE-SA:2002:023) Just for the record: I completely agree with Martin's statement and his analysis of the mail he commented. SuSE is doing a fantastic job and this mailing list and their announcements are very supportive and informative. Thanks to all involved! Regards, Stefan Am Donnerstag den, 27. Juni 2002, um 16:42, schrieb Martin Leweling:
Hi,
On Thursday 27 June 2002 16:17, Ryan Swenson wrote:
--- Redhat our neighbor handled this extremely well by putting this through their QA teams and found that there were many many issues with 3.3; they found that just by configuring counter-active options in the sshd.config would prevent such exploits without making the mistake to have their customers go to version 3.3 and not in many cases be able to support backward compatibility.
That's not QA. This is just what I call a wait-and-see approach. Red Hat just waited for the problem to go away, SuSE could have done that as well.
ISS and the OpenBSD team are the ones you should blame, for their very vague and nebulous announcements.
Anyway, SuSE's announcement was clear enough for me to decide not to upgrade in the first place but to firewall sshd instead, until further clarification concerning the impact of the vulnerability. Personally, I trust my own intelligence enough to not rely on hand-holding from any vendor too much.
I'll skip the rest of your mail since useless flames are not worth repeating.
Regards, Martin -- Martin Leweling Institut fuer Planetologie, WWU Muenster Wilhelm-Klemm-Str. 10, 48149 Muenster, Germany
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
27.6.2002 17:00:41, "Ryan Swenson" <Ryan.Swenson@togethersoft.com> wrote:
Like I said this list sucks!
Then there is an easy solution for you: UNSUBSCRIBE If you don't know how to do this: read the mail-footer... Christoph
participants (2)
-
Christoph Wegener -
Ryan Swenson