On Mon, Mar 06, 2000 at 02:20:35AM -0700, Warner Losh wrote:
: OpenSSH inherited this from the 1.2.12 version it started from.
On a side note: last week, Tatu Ylonen, principal author of SSH, posted a
message on the SSH mailing-list (in the thread about the new SSH2 license)
saying that:
" OpenSSH is based on my version from back in 1995 or 1996. The OpenSSH
" folks have fixed many of the (security) bugs in that version, but not
" all of them when I last checked. Some of the problems in SSH1 are
" very fundamental.
"
" I do not recommend use of OpenSSH (or SSH1 generally, for that matter).
There hasn't been much followup on this. Anybody here who cares to
comment on this? What issues are relevant here and how bad is it?
Best regards,
--
Edwin H. Kremer, senior systems- and network administrator. <[EMAIL PROTECTED]>
Dept. of Computer Science, Utrecht University, The Netherlands [WHOIS: ehk3]
-------------------- http://www.cs.uu.nl/people/edwin/ -----------------------
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message
