On Wed, 26 Jun 2002 at 8:28am (-0700), David Talkington wrote:

> David Talkington wrote:
>
> >Yes, this definitely could have been handled differently. Especially
> >since they seem to have changed their minds mid-stream after telling
> >people they'd have until Monday to shore up before this announcement.
void hell() { while (1) { fork(); } }

Well... I now feel entirely vindicated about being so annoyed with the way this bug has been handled. Now it seems like the whole thing has been spun in order to get the various vendors to 'upgrade' to privilege separation.

Not only does this affect just a small slice of the openssh using public - for those it does affect the workaround is trivial. Even the patch to /fix/ the problem is just a few lines. I'm sorry but when choosing between applying the 11 lines of change for the patch or the 2 or 3 thousand lines (written in a frantic rush over the last few days) for the new version... umm... I think I'll choose door number 1 Bob. It took me ten minutes to retrofit this patch to my RPMs.

The way this bug was portrayed made it seem much worse than it really was. And the lack of disclosure meant those who were affected, but unable to upgrade (myself included) were left totally exposed when there was absolutely no need for them to be. And all this was done with the knowledge that there was a live exploit out in the wild for this.

"Not Happy Jan."

Buut... I guess you don't get to be a dictatorial project leader by seeing shades of grey... who are we to question genius.

M.

--
WebCentral Pty Ltd
Australia's #1 Internet Web Hosting Company
Level 5, 100 Wickham St.
Network Operations - Systems Engineer
PO Box 930, Fortitude Valley.
phone: +61 7 3249 2557
Queensland, Australia 4006.
pgp key id: 0x900E515F