From owner-freebsd-security Tue Jun 25 0:47:52 2002 Delivered-To: freebsd-security@freebsd.org Received: from elvis.mu.org (elvis.mu.org [192.203.228.196]) by hub.freebsd.org (Postfix) with ESMTP id 62BF437B400 for ; Tue, 25 Jun 2002 00:47:44 -0700 (PDT) Received: by elvis.mu.org (Postfix, from userid 1192) id 318F9AE03F; Tue, 25 Jun 2002 00:47:44 -0700 (PDT) Date: Tue, 25 Jun 2002 00:47:44 -0700 From: Alfred Perlstein To: Lachlan O'Dea Cc: Theo de Raadt , FreeBSD Security Subject: ENOUGH!!! Re: [openssh-unix-announce] Re: Upcoming OpenSSH vulnerability (fwd) Message-ID: <20020625074744.GK53232@elvis.mu.org> References: <200206250156.g5P1upLJ029822@cvs.openbsd.org> <3D181884.2040200@ca.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <3D181884.2040200@ca.com> User-Agent: Mutt/1.3.27i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org * Lachlan O'Dea [020625 00:18] wrote: > Theo de Raadt wrote: > > > Jason Stone wrote: > > > >>Release now and let the community help you fix the bug (since > >>apparently it's so complicated that you can't fix it right away on your > >>own...). > > > > > >It took about 3 minutes for the first rev. > > So you are saying that you already have a patch that fixes the > vulnerability? If so, it seems to me that delaying the release does more > harm than good. *sigh* People don't get that what Theo is doing is very fair. He's giving everyone a chance to protect themselves, the only people that are getting screwed are those that are too damn lazy to adapt the 'priv' stuff to their OS. Quit your whining and submit patches to update your favorite version of FreeBSD already! thanks, -Alfred To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message