From owner-freebsd-security  Mon Jun 24 23:11:15 2002
Delivered-To: freebsd-security@freebsd.org
Received: from trillian.santala.org (ip212-226-173-33.adsl.kpnqwest.fi [212.226.173.33])
	by hub.freebsd.org (Postfix) with SMTP id 5A6EB37B4AB
	for <freebsd-security@FreeBSD.ORG>; Mon, 24 Jun 2002 23:08:36 -0700 (PDT)
Received: (qmail 9280 invoked by uid 11053); 25 Jun 2002 06:08:33 -0000
Received: from localhost (sendmail-bs@127.0.0.1)
  by localhost with SMTP; 25 Jun 2002 06:08:33 -0000
Date: Tue, 25 Jun 2002 09:08:33 +0300 (EEST)
From: Jarkko Santala <jake@iki.fi>
X-X-Sender: jake@trillian.santala.org
To: Tony Landells <ahl@austclear.com.au>
Cc: Theo de Raadt <deraadt@cvs.openbsd.org>,
	Sean Kelly <smkelly@zombie.org>, Ted Cabeen <secabeen@pobox.com>,
	"Jacques A. Vidrine" <nectar@FreeBSD.ORG>,
	<freebsd-security@FreeBSD.ORG>
Subject: Re: Hogwash 
In-Reply-To: <200206250556.PAA07738@tungsten.austclear.com.au>
Message-ID: <20020625085925.R12462-100000@trillian.santala.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Tue, 25 Jun 2002, Tony Landells wrote:

> jake@iki.fi said:
> > How do you figure this works for commercial companies that need secsh
> > connections for business critical needs up and running 24x7?
>
> A couple of possibilities that spring to mind are:
>
> 	1. Buy the commercial version, and get commercial support.
>
> 	2. Fund the OpenSSH development so they can put funded resources
> 	on to fixing problems (and hence can ignore distracting influences
> 	like actually making money to pay for food, or turning in assignments,
> 	or ...)

With the attitude OpenSSH team has? No commercial company will give money
to someone who says "turn it off if it doesn't work".

> If you expect a volunteer group to provide you with iron-clad secure
> products, or to fix any found problems instantly, I think you're being
> somewhat unrealistic.

I don't expect, that is exactly what they claim they are doing, giving out
iron-clad secure products. ;) I wasn't expecting an instant fix either, I
was just pointing out an interesting attitude, "if it doesn't work, just
it turn it off" while on the other hand advocating OpenSSH as a
viable alternative to commercial products which do not have the luxury of
telling that to their customers. ;)

> They've found a problem, they've issued a warning, they're working on
> a solution.  How much more do you want for free???

A cup of java?-)

	-jake

-- 
Jarkko Santala <jake@iki.fi>            http://www.iki.fi/~jake/
System Administrator                    2001:670:83:f08::/64



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message