Hi,

On Thursday 27 June 2002 16:17, Ryan Swenson wrote:
--- Redhat our neighbor handled this extremely well by putting this through their QA teams and found that there were many many issues with 3.3; they found that just by configuring counter-active options in the sshd.config would prevent such exploits without making the mistake to have their customers go to version 3.3 and not in many cases be able to support backward compatibility.
That's not QA. This is just what I call a wait-and-see approach. Red Hat just waited for the problem to go away, SuSE could have done that as well. ISS and the OpenBSD team are the ones you should blame, for their very vague and nebulous announcements.

Anyway, SuSE's announcement was clear enough for me to decide not to upgrade in the first place but to firewall sshd instead, until further clarification concerning the impact of the vulnerability. Personally, I trust my own intelligence enough to not rely on hand-holding from any vendor too much.

I'll skip the rest of your mail since useless flames are not worth repeating.

Regards,
Martin

--
Martin Leweling
Institut fuer Planetologie, WWU Muenster
Wilhelm-Klemm-Str. 10, 48149 Muenster, Germany