LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Sponsored link

Vyatta – Linux & Open Source Alternative to Cisco – Advanced Routing, Firewall, VPN, QoS..
Free Download ->

Recent Features

LK2008: The values of the Linux community

LWN.net Weekly Edition for October 9, 2008

Plugging into GCC

LWN.net Weekly Edition for October 2, 2008

Ubuntu debuts its Upstream Report

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

Upcoming OpenSSH vulnerability

Upcoming OpenSSH vulnerability

Posted Jun 25, 2002 10:38 UTC (Tue) by BogusUser ((unknown), #2239)
In reply to: Upcoming OpenSSH vulnerability by BogusUser
Parent article: Upcoming OpenSSH vulnerability

http://docs.freebsd.org/cgi/getmsg.cgi?fetch=255989+0+current/freebsd-security

I don't know with what agenda the advisory was released,
but one can't call it an innocent one.

I can't refute the statement that a workaround which defuses the
so called hole into nothing more then an unprivilidge accoutn getting
compromised. Is a good in between step.

But a real fix ready monday next week ? that's not an option. today
or tomorrow is.

Furthermore I find the statements made by theo in his release very
dubious.

"Customers can judge their vendors by how they respond to this issue."

Is one of them.

And again there seems to me to be too much old grief and sorrow in
the initial announcements and all reactions.

Sure people can differ in opinion, but when it comes to these kinds
of threats we "the world of free source",both users and developers, need
to stick together.


And "the world of free source" has thrived by sharing ideas and problems.

(Log in to post comments)

Upcoming OpenSSH vulnerability

Posted Jun 25, 2002 12:37 UTC (Tue) by BogusUser ((unknown), #2242) [Link]

That's the biggest crock I've ever heard.

"the world of free source" thrives on opinionated stupidity. Nobody
ever really fixes anything well, because the opinionated dickhead who
ends up dong the fix always decides it's "somebody elses problem", and
wastes shitloads more time arguing about why they should not have to
be the person to solve something or other than it would have taken to
just do as they're asked in the first place.

Add to that - when you look at their (usually comment-free) code, it's
always amazing that any fix works at all.

Upcoming OpenSSH vulnerability

Posted Jun 27, 2002 10:58 UTC (Thu) by BogusUser ((unknown), #2239) [Link]

Heh,

Ok can't refute your statement.


I think I should have made my point by stating that
the motive I describe is one to go by.
Or I could throw in responsibility...

But it seems my motives are too naive for a burdend free source
user/developer.

And indeed opinionated stupidity is the basis on which theo released
the "preliminary" advisory and the following I might add.


Upcoming OpenSSH vulnerability

Posted Jun 25, 2002 12:44 UTC (Tue) by BogusUser ((unknown), #2242) [Link]

As for the statement:-

"Customers can judge their vendors by how they respond to this issue."

This is *absolutely* 100% spot-on. Suggesting otherwise has the
identical effect as tattooing "I am the lazy and opinionated stupid
idiot who prefers to argue why it's not my job to fix a problem rather
than just fix a problem" on your forehead.

Grow up kiddies. Shut up and fix it instead of wasting everyones time
and proving you care more for the survival of your own (dumb) opinions
than for the safety of everyone else.

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds