hi Markus,
> On Thu, Aug 10, 2000 at 11:54:45PM -0400, Charles M. Hannum wrote:
> > Uh, let's clear up a few misconceptions here...
glad someone who knows the ps that OpenSSH went with is taking up this issue;-))
> ok. then, please, do.
>
> > OpenSSH is not `a complete rewrite' by any stretch. It uses a large
> > amount of code directly from old versions of Tatu's SSH. Indeed, many
> > of the positive changes in OpenSSH since then were not even done by
> > the OpenSSH people; they were done by OSSH (which never seems to get
> > credited).
> could you please enumerate the positive changes?
had thought that the entire package had had extensive code review but would
like to know definatively. as well to quell any controversy on OpenSSH
being inferior to datafellows v2 i would like to hear the 'technical facts' as
it seems to be this needs to be evidenced. again my understanding is that
OpenSSH was created because the desire to produce a freely available
ssh package that was provided as is without licensing issues.
> > It's quite a misnomer, and a severe disservice to the many
> > people who have contributed to SSH, to credit it entirely to the
> > OpenSSH group.
> >
> > Also, let's not forget than OpenSSH brought us the UseLogin hole, and
> > that over time the `group that puts out OpenBSD' has been known to
> > introduce other holes (as documented on bugtraq in the past). Let's
> > not slobber over it too much without understanding the reality.
hmmm.. well i have read literally every advisory that has come down the
pipe in all the major security sites and i would have to say without question..
"OpenBSD" has by far the best track record when it comes to public scrutiny.
it seems you are implying that they introduce more holes than they fix.. i
would think they have been more a asset and benchmark on how SEC
should be more like actually. So whom are you making your comparison by?
Regards,
[EMAIL PROTECTED]
--
Reuters, London, February 29, 1998:
Scientists have announced discovering a meteorite which will strike the
earth in March, 2028. Millions of UNIX coders expressed relief for being
spared the UNIX epoch "crisis" of 2038.
_______________________________________________________________________
************** DREAMWVR.COM - TOTAL INTERNET SERVICES ****************
TOTAL DESIGN - DEVELOPMENT - INTEGRATION - SECURITY - Click Here..
<http://www.dreamwvr.com/services/MAX_SEC.html>;
DREAMWVR.COM - The Console of Many... 90 Topics Covered
<http://www.dreamwvr.com/dynamicduo.html>;
<mailto:[EMAIL PROTECTED]>;
->>Open Solution Provider and North American Distributor<<-
"===0 PGP Key Available
*************** "As Unique as the Company You Keep."*****************
"If anyone speaks from DREAMWVR.COM its certainly not me:-)"
________________________________________________________________________
