On 9 Apr 2014 15:46, "Bob Beck" <[email protected]> wrote: > > On Wed, Apr 09, 2014 at 02:49:21PM -0600, Devin Reade wrote: > > Quoting Theo de Raadt <[email protected]>: > > > > >If tomorrow Damien or I had to announce a major OpenSSH hole, how > > >screwed would the Internet be? > > > > Would you mind clarifying this a bit? Was the post strictly a > > (justified) comment about the lack of funding, or should we be > > anticipating another announcement in addition to the existing OpenSSL > > mess? > > The former. While nothing's ever for sure, OpenSSH does not normally > attempt to include exploit mitigation technique circumvention mechanisms. > > -Bob
And just so we're clear on this. Since people on hacker news seem to be mildly challenged at understanding English, I'm saying heartbleed has nothing to do with OpenSSH. It doesn't even link the library. I also know that Devin is smart enough to be running OpenBSD where it matters since I know him personally. I am making no claims about whatever any other operating systems that value speed and complexity over safety. Heck there probably are holes in what they bring to the table..
