Ethan Benson <[EMAIL PROTECTED]> writes:
> > One reason why I did not install any security-updates to SSH1.1 is that on
> > the web page of www.debian.org they say that there is a remote exploit in
> > OpenSSH (DSA-027) but it is fixed in Debian 2.2 (potato) and that is the
> > one I installed. I did not think that I had to install all
> > security-updates as well, figured they would be in the install. Perhaps
> > that is something which should be clearly stated on the debian pages?
>
> always install security updates, thats HOW debian fixes security
> problems. =20
That's all well and good if people know about security.debian.org.
I've been running debian for many years and only found out about it a
couple of weeks ago. All this time I've been assuming that security
updates were merged into the "stable" branch, and as long as I
periodically ran dselect and [U]pdated and [I]nstalled the updates,
I'd be covered. Since this appears to not be the case, is there
something that can be done to make this fact more readily apparent to
users?
--Bill.
--
William R Ward [EMAIL PROTECTED] http://www.bayview.com/~hermit/
-----------------------------------------------------------------------------
"Those are my principles. If you don't like them I have others."-Groucho Marx
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]