From owner-freebsd-security Mon Jun 24 22:49: 2 2002 Delivered-To: freebsd-security@freebsd.org Received: from trillian.santala.org (ip212-226-173-33.adsl.kpnqwest.fi [212.226.173.33]) by hub.freebsd.org (Postfix) with SMTP id 7DE5937B406 for ; Mon, 24 Jun 2002 22:48:55 -0700 (PDT) Received: (qmail 8761 invoked by uid 11053); 25 Jun 2002 05:48:53 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 25 Jun 2002 05:48:53 -0000 Date: Tue, 25 Jun 2002 08:48:53 +0300 (EEST) From: Jarkko Santala X-X-Sender: jake@trillian.santala.org To: Theo de Raadt Cc: Sean Kelly , Ted Cabeen , "Jacques A. Vidrine" , Subject: Re: Hogwash In-Reply-To: <200206250332.g5P3WQLJ024062@cvs.openbsd.org> Message-ID: <20020625084249.M12462-100000@trillian.santala.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Mon, 24 Jun 2002, Theo de Raadt wrote: > By holding this information back for a few more days, we are > permitting a very important protocol to be upgraded in an immune way, > OR YOU CAN TURN IT OFF NOW. You have mentioned this "turn it off" solution more than twice. Is this your official answer to any exploits in OpenSSH? Can I quote you on this? How do you figure this works for commercial companies that need secsh connections for business critical needs up and running 24x7? -jake -- Jarkko Santala http://www.iki.fi/~jake/ System Administrator 2001:670:83:f08::/64 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message