Bug#327233: Any movement on this?
Micah Anderson [EMAIL PROTECTED] writes: I'm just sending a ping to find out if there has been any movement on this issue. Back in September you wrote: This is absolutely fantastic news. As soon as I get some more free time, I'll try the new packages and look at what the transition will entail. Getting back to one set of SSH packages will make life far easier for everyone. Hi Micah, As Sam mentions, it's not at all clear to either of us that this is actually a bug. I don't really understand why this was considered a security issue; the only possible attack that I can see should be prevented by SSH's standard known hosts handling. Perhaps that wasn't considered a sufficient test? Anyway, I've been rather busy with various projects, so I haven't yet had a chance to write up a migration plan for eliminating the openssh-krb5 package. Given the controversial and low-impact nature of this vulnerability, though, I'd still rather proceed with that than upload a new release with this patch. I'll try to write up a migration proposal this week and start the discussion with the OpenSSH maintainers. Thank you for the reminder! -- Russ Allbery ([EMAIL PROTECTED]) http://www.eyrie.org/~eagle/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#327233: Any movement on this?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, I'm just sending a ping to find out if there has been any movement on this issue. Back in September you wrote: This is absolutely fantastic news. As soon as I get some more free time, I'll try the new packages and look at what the transition will entail. Getting back to one set of SSH packages will make life far easier for everyone. Sorry to be irritating, but we track these bugs in Testing Security and many times people forget about them and find a ping actually helpful to remind them... micah -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) iD8DBQFDifjB9n4qXRzy1ioRAqYyAJ9nH3oJCEiVW3AltOm7vZb7hFwRLgCgkoYx miYyrq/goQe3+d7116Zxe5c= =z59H -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#327233: Any movement on this?
Micah == Micah Anderson [EMAIL PROTECTED] writes: Micah Hi, Micah I'm just sending a ping to find out if there has been any Micah movement on this issue. I continue to believe that this is not a security issue and that openssh is wrong to have applied the patch. That doesn't answer the question you asked (Russ has been working on that, not I) but it does argue that perhaps this is not an issue for testing security. --Sam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]