Ubuntu 7.10 had ssl/ssh updates yesterday and today. Who knows about
tomorrow.
Jim K
larry price wrote:
So I've just finished upgrading all the various debian and ubuntu
boxes I control, and am about .75 done with the rekeying work that
goes with.
(if you have no idea what I'm talking about and you run a debian based
distro, go update your OS now; before you read the rest of this email)
1. not happy that this completely unnecessary vulnerability was out
there for more than a year without being found.
2. happy that it was found through reviews and analysis by project
members rather than through my machines being compromised.
3. wondering what could have been done differently to prevent this.
Addressing #3; it would be nice to write a check to someone to go
towards hiring one of the OpenSSL core developers to be the debian
package maintainer; not sure who that would be or if that would even
be the right solution (I seem to remember various circular firing
squads forming up in debian over who did and did not get money for
working on the project).
//good night
_______________________________________________
EUGLUG mailing list
euglug@euglug.org
http://www.euglug.org/mailman/listinfo/euglug
_______________________________________________
EUGLUG mailing list
euglug@euglug.org
http://www.euglug.org/mailman/listinfo/euglug
