Date:      Wed, 26 Jun 2002 17:40:05 -0400
From:      Travis Cole <kelp@plek.org>
To:        Petr Swedock <petr@blade-runner.mit.edu>
Cc:        freebsd-security@freebsd.org
Subject:   Re: Wow
Message-ID:  <20020626214005.GC53981@ainaz.pair.com>
In-Reply-To: <867kklaneg.fsf@blade-runner.mit.edu>
References:  <200206261741.g5QHf3LI027927@cvs.openbsd.org> <867kklaneg.fsf@blade-runner.mit.edu>

On Wed, Jun 26, 2002 at 02:46:31PM -0400, Petr Swedock wrote:
> 
> I'll be rethinking my use of OpenSSH for the very same 
> reason. You're not my dad, my cop, my priest, my lawyer
> or firefighter. NOR are you the Unix version of 'install 
> wizard'. I expect code from you. That's it. Write code.

I was thinking the same thing a few hours ago.  But I've since
changed my mind.

> I don't expect paternalism, risk assessments, restrictions,
> regulations or even the time of day.  I have no concern 
> for what you think my risks are NOR your preferred method 
> of ameliorating those risks. Write the fucking code. I ask 
> for no warranty. I don't call you with help desk questions. 
> Write the code and get down off that extremely high horse
> before you hurt yourself.

I think Theo and the OpenSSH team did the right thing here.

But, unfortunately things didn't work out so well :(

No one knew this was coming.  So they had the opportunity to minimize
the impact by urging people to upgrade to a new version of
OpenSSH which would mitigate the problem.  All before any of the 
bad guys knew what the problem was.

We knew a source fix was coming, so we could choose to wait for that or
install 3.3 with privsep and run it for a week then upgrade again.

Through an unfortunate string of circumstances this whole thing got
ugly.  I got pissed off, a lot of others got pissed off.

Here is how I see it.   The cold hard truth.

What Theo and the OpenSSH team did was the right thing.

Unfortunately they didn't use the best words to express what was needed.
I think that's what's really pissing people off.  Not what they did, but
how they said it.

I feel a lot better about things now that I've realized that.

And then of course there is ISS...  I don't have any good words to
say about them.

-- 
-tcole
