Date: Tue, 25 Jun 2002 10:42:44 +0200 From: Sheldon Hearn <sheldonh@starjuice.net> To: Mike Silbersack <silby@silby.com> Cc: freebsd-security@FreeBSD.ORG Subject: Re: Hogwash Message-ID: <20020625084244.GC73283@starjuice.net> In-Reply-To: <20020624233910.V55382-100000@patrocles.silby.com> References: <20020625041946.GA6840@edgemaster.zombie.org> <20020624233910.V55382-100000@patrocles.silby.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On (2002/06/24 23:45), Mike Silbersack wrote: > I think this thread needs to die very soon. Theo's solution to this bug > is unorthodox, but it should serve to protect those who are willing to > upgrade. He does not deserve all the bashing you're giving him. Thank you, Mike. :-) It seems to me that a number of people have chosen to use this situation as an opportunity for some Theo-bashing. Very poor show, I think. The facts are: 1) Theo has warned that the details of a vulnerability will be published this coming Monday. This disclosure will constitute full disclosure. 2) This disclosure will open a race between the blackhats and administrators. 3) Theo's warning offers two ways for administrators to avoid the race: change your software or disable the software until disclosure. The disclosure of these avoidance methods does not assist the blackhats. Personally, I don't think adminsitrators could ask for more. I'm _very_ glad that the OpenSSH team hasn't told anyone else about a hole I can't patch against yet. I'm equally glad that, until the hole and patch are disclosed, there's a way for me to cover the hole up. Those of you who thought "Theo is well-hated, nobody will look down on me for pissing on him", you were wrong. You just ended up looking stupid. Shame on you! Ciao, Sheldon. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020625084244.GC73283>