On Wed, Apr 09, 2014 at 02:49:21PM -0600, Devin Reade wrote: > Quoting Theo de Raadt <[email protected]>: > > >If tomorrow Damien or I had to announce a major OpenSSH hole, how > >screwed would the Internet be? > > Would you mind clarifying this a bit? Was the post strictly a > (justified) comment about the lack of funding, or should we be > anticipating another announcement in addition to the existing OpenSSL > mess?
The former. While nothing's ever for sure, OpenSSH does not normally attempt to include exploit mitigation technique circumvention mechanisms. -Bob
