[ale] Another SSH Release?

[kaboom at gatech.edu (Chris Ricker)]

On Wed, 17 Sep 2003, Jonathan Rickman wrote:

> I'm referring more to their lack of official public announcement.

Oh definitely. As usual, it seems the FreeBSD announcements are the best 
documentation of OpenBSD / OpenSSH bugs ;-)

On the other hand, the way OpenSSH has handled this one is better than the
stunt they pulled in the past -- pre-announce that theres a bug that will
lead to widespread raping and pillaging of the Internet, not announce what
the bug is, then announce that there's a totally new, untested, unaudited
version that if you upgrade will provide partial protection against said
raping and pillaging. Once everyone's been blackmailed into beta-testing
their new software, then announce said bug, which in actual announcement is
revealed to be much more limited in scope than purported in their "sky is
falling!" pre-announcements....

Is it any wonder people are actively considering moving to other free 
implementations like lsh?

> Their relative silence on this is VERY disturbing if you ask me. At this 
> point I believe that they have every intention of burying this in the 
> hopes that everyone will just shut up about it. This will be the second 
> time this has happened. They largely succeeded in their last attempt.

Of course. Anything to avoid incrementing the precious default 
holes counter....

later,
chris