> Well, you know what they say about assumptions, don't you Volker? ;-) Yes :)
> So that means he was out of date - current-release version for > openssh is 4.2p1. This doesn't mean all that much. Some distros backport security fixes for good reason, though gentoo isn't so likely to be one of them. If there had been a known security problem, every vendor would have released a new openssh (it is a major core component), but this didn't happen. So either it's in the pipeline, or the newer version is not relevant to security. Or there is a problem which is so far undisclosed, in which case most everyone has a serious problem. Of course if there were security updates and Nick didn't install them, then it's a good example of why it's a bad idea to not keep up with the updates for internet-exposed services. Volker -- Volker Kuhlmann is possibly list0570 with the domain in header http://volker.dnsalias.net/ Please do not CC list postings to me.
