On Sat, 26 Jan 2002 05:01:14 +0000 Lazarus Long <[EMAIL PROTECTED]> wrote:
> This is definitely a security risk. There is no reason that such
> information should be exposed to attackers. Just because FreeBSD has
> some lame security practices doesn't mean Debian has to emulate them.
> (If I ran it, I'd file a bug there as well.)

I agree that this is exposing information that can be used by an
attacker to aid them in their exploits. On the other hand, the purpose
of the change was a good one; it's hard to tell if you're running a
vulnerable SSH in Stable, since the version string is the same as the
stock upstream source, while the Debian diffs will have many added
patches. Is there any way this can be run-time configurable?

--
 .--=====-=-=====-=========----------=====-----------=-=-----=.
/  David Barclay Harris              Aut agere, aut mori.      \
\  Clan Barclay                      Either action, or death.  /
 `-------======-------------=-=-----=-===-=====-------=--=----'