On Wed, 26 Jun 2002, Philip J. Koenig wrote:

> On 25 Jun 2002, at 16:38, Net Llama! boldly uttered:
>
> > On Tue, 25 Jun 2002, Philip J. Koenig wrote:
> >
> > > There has been a heated discussion on this over in the FreeBSD
> > > security list, suffice to say that Theo's obnoxious attitude doesn't
> > > help matters. Nonetheless this is important info:
> >
> > The way I see it, if you write a heaping hunk of code that thousands, if
> > not millions of people use on a daily basis, you can be as obnoxious as
> > you like.
>
>
> I have an extremely different view of life: as far as I'm concerned,
> there is no excuse, no time, nowhere for *anyone* to be an obnoxious
> S.O.B., and I don't care if you're the president, the pope, or god.
> (assuming you believe in the latter)
>
> DeRaadt sat on the FreeBSD security list, and blustered, and cussed,
> and berated people for asking questions, basically anyone who didn't
> accept his dictum as gospel.
>
> After all of these predictions of doom-and-gloom coming from him, and
> after listening to him pull a Microsoft - not divulging any details
> on this vulnerability (contrary to the guiding philosophy in the
> majority of the open-source security community), spreading FUD,
> scaring people into thinking they were going to get rooted through
> this thing unless they upgraded to this new and relatively un-tested
> functionality (privilege separation)... it is now coming out (no
> thanks to DeRaadt) that the version that most people are currently
> running in FreeBSD is NOT VULNERABLE.
>
> Just like some people wondered when his blustering first started, it
> appears possible that some of this may just have been a good excuse
> to force everyone to upgrade.
>
> Most FreeBSD users are a little different than typical Linux users -
> they don't like to be on the bleeding edge just to be on the bleeding
> edge - they want to make sure changes are well-tested and relatively
> trouble-free. Such FUD from vendors does not play well in that
> community.

I agree with 100%, except that you're neglecting one simple fact.
OpenSSH is not a vendor. The developers of OpenSSH aren't getting paid
a single penny for what they do. Thus, they aren't bound to the same
vendor/customer relationship that we expect from places such as Sun,
Oracle or even M$.

--
Lonni J Friedman [EMAIL PROTECTED]
Linux Step-by-step & TyGeMo http://netllama.ipfox.com
