Robert Davies wrote: > A service is flawed in one way or another, patch it! If the vendor says the > service is broke in some way, believe them, get off your lazy ass and get > patching. If you are the admin, do your job and quit whining!
The OpenSSH maintainers lured Debian into distributing a vulnerable OpenSSH version by issuing a security advisory (the version distributed by Debian at that time was not vulnerable). I'm sorry, things aren't always as easy as you assume. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
