* Thijs Kinkhorst:

> However, one consistent claim is that the "current version" of OpenSSH
> isn't affected. It would make sense to me to get at least unstable/sid
> updated with the most recent upstream version, as it wouldn't hurt. Do you
> as openssh maintainers think you can do this in the short term? This is at
> least some potentially mitigating action we can already take.

The last time we did something similar in the wake of an OpenSSH vulnerability, we *introduced* the vulnerability. And I strongly object to rumor-driven software development. (This does not, however, invalidate any other reason why an upload of a new upstream version is warranted.)