No cc needed, I am subscribed. Tobias Mueller - 11.11.18, 19:00: > On Sun, 2018-11-11 at 18:56 +0100, Martin Steigerwald wrote: > > At least for Debian 9 ssh-audit complains about quite some insecure > > ciphers, MACs and key exchange algorithms if I leave the settings as > > default. Thus I changed them. > > sounds like filing a bug is appropriate, then.
I do not think Debian OpenSSH maintainers would introduce a behavioral change like this during a stable cycle. Well they could warn about this and recommend to secure the settings, but just updating? Not without a warning at least. Thanks, -- Martin _______________________________________________ Ach mailing list [email protected] https://lists.cert.at/cgi-bin/mailman/listinfo/ach
