Hi, I have a question on how the future of this openssh issue will be handled. Since openssh 3.3 isn't really a fix for the announced vulnerability, there has to be another update after we know what the real issue is. For now I just firewalled port 22 on the machines to only accept connections from my machine, instead of upgrading. What is SuSE's plan? Esp. for the 7.0 and 7.1 SuSE releases. 1. build a new openssh 3.3 + real fix? 2. build a new openssh 2.9.x (or whatever versions was installed before)? 3. both of the above? The reason I ask is because 3.3 seems to be a little bit ... uhm ... problematic - even if I only read the original release notes, ignoring the messages on this list so far - and I'd like to be prepared. cheers, oliver