Ethan Benson <[EMAIL PROTECTED]> writes: > > One reason why I did not install any security-updates to SSH1.1 is that on > > the web page of www.debian.org they say that there is a remote exploit in > > OpenSSH (DSA-027) but it is fixed in Debian 2.2 (potato) and that is the > > one I installed. I did not think that I had to install all > > security-updates as well, figured they would be in the install. Perhaps > > that is something which should be clearly stated on the debian pages? > > always install security updates, thats HOW debian fixes security > problems. =20
That's all well and good if people know about security.debian.org. I've been running debian for many years and only found out about it a couple of weeks ago. All this time I've been assuming that security updates were merged into the "stable" branch, and as long as I periodically ran dselect and [U]pdated and [I]nstalled the updates, I'd be covered. Since this appears to not be the case, is there something that can be done to make this fact more readily apparent to users? --Bill. -- William R Ward [EMAIL PROTECTED] http://www.bayview.com/~hermit/ ----------------------------------------------------------------------------- "Those are my principles. If you don't like them I have others."-Groucho Marx
