The description of this bug in the upstream changelog is:

- Security: dbclient previously would prompt to confirm a 
  mismatching hostkey but wouldn't warn loudly. It will now
  exit upon a mismatch.

Why should "it didn't warn loudly" be a grave security bug?  Isn't any sort
of prompt already a pretty loud warning in terms of user experience?  Did
the prompt fail to mention that there was a key mismatch somehow?

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
[EMAIL PROTECTED]                                   http://www.debian.org/

