De Raadt + FBSD + OpenSSH + hole?

Matt Dawson matt at chronos.org.uk
Mon Apr 14 12:07:23 UTC 2014


On Mon, 14 Apr 2014 01:38:40 +0300
Todor Todorov <todorov at paladin.bulgarpress.com> wrote:

> Oh now I sense some angst.  Please ask Kirk McKusick, he knows the 
> story about why this is not being disclosed to FreeBSD.  Sometimes I 
> feel a bit sorry for them (and for him), but then the next minute I 
> don't feel sorry because there's damn good reasons they won't be 
> told about what I found. 

My first thought when I saw this was "ego over ethics," which says more
about Theo than FreeBSD.

*If* there's an issue it'll come out eventually regardless of any little
games the pseudo-deities wish to play. In the meantime, follow best
practice, lock down your SSH, use keys rather than passwords, password
protect the private key, ensure that only trusted people who need it get
shell access and disable anything that isn't absolutely necessary.
-- 
Safer alternative to smoking under threat from over-regulation
due to pseudo-science and puritanism. Please help keep personal
vapourisers available for ex and potential ex-smokers at 
http://www.efvi.eu/ by showing your support for this citizens'
initiative. 
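The server-side items in the advice above (keys rather than passwords, shell access only for trusted users, unneeded features off) can be checked mechanically. The script below is an added example, not part of the original message: the policy values, the choice of X11 and TCP forwarding as "unnecessary" features, and the sample configuration are assumptions made for illustration. `ChallengeResponseAuthentication` is the keyword name used by OpenSSH releases of that period.

```python
# Policy: an assumed reading of the advice above, not an official baseline.
REQUIRED = {
    "passwordauthentication": "no",           # keys rather than passwords
    "challengeresponseauthentication": "no",  # no keyboard-interactive passwords
    "pubkeyauthentication": "yes",
    "permitrootlogin": "no",                  # assumption: no direct root shell
    "x11forwarding": "no",                    # assumption: not needed
    "allowtcpforwarding": "no",               # assumption: not needed
}
ACCESS_LISTS = ("allowusers", "allowgroups")  # who gets shell access

def parse_global(text):
    """Global settings only: keywords are case-insensitive, first value wins."""
    settings = {}
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        keyword = parts[0].lower()
        if keyword == "match":  # Match blocks are not evaluated here
            break
        settings.setdefault(keyword, parts[1].strip() if len(parts) > 1 else "")
    return settings

def audit(text):
    """Return findings; an empty list means the assumed policy is met."""
    settings = parse_global(text)
    findings = []
    for keyword, wanted in REQUIRED.items():
        actual = settings.get(keyword)
        if actual is None:
            findings.append(f"{keyword}: not set explicitly (want {wanted})")
        elif actual.lower() != wanted:
            findings.append(f"{keyword}: {actual} (want {wanted})")
    if not any(settings.get(k) for k in ACCESS_LISTS):
        findings.append("no AllowUsers/AllowGroups restriction")
    return findings

# Constructed sample configuration, not taken from a real host.
SAMPLE = """\
PasswordAuthentication no
passwordauthentication yes
ChallengeResponseAuthentication no
PubkeyAuthentication yes
PermitRootLogin without-password
X11Forwarding yes
"""
if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Whether a private key carries a passphrase is a client-side property and cannot be verified from the server configuration, so it is outside what this check covers.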


More information about the freebsd-security mailing list