On Thu Sep 18, 2003 at 08:33:53AM +0800, Leon Brooks wrote: > Perhaps the local mirror (PlanetMirror) is just lagged but it's showing > openssh-3.6.1p2-7mdk rather than 3.7.*. Even if this is a patched > 3.6.1, it would be considerably more reassuring if it said "3.7.1*" for > the 9.2 release, seeing that even 3.7.0 has security issues with, > apparently, wild exploits for same.
Go read the archives. This isn't a show stopper and is not up for discussion (reasons why will be seen in the archives). Basically, it boils down to the fact that I do not trust 3.7.1 yet. I certainly don't trust it for 9.2 or any older release. Read the openssh-unix-dev mailing list archives to see all the problems people are having with it. In short, 8mdk is up, it has the appropriate fixes. End of story and, please, end of discussion. -- MandrakeSoft Security; http://www.mandrakesecure.net/ Online Security Resource Book; http://linsec.ca/ "lynx -source http://linsec.ca/vdanen.asc | gpg --import" {FE6F2AFD : 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD}
pgp00000.pgp
Description: PGP signature
