Date: Mon, 14 Apr 2014 13:07:11 +0100 From: Matt Dawson <matt@chronos.org.uk> To: freebsd-security@freebsd.org Subject: Re: De Raadt + FBSD + OpenSSH + hole? Message-ID: <201404141207.s3EC7IvT085450@chronos.org.uk> In-Reply-To: <534B11F0.9040400@paladin.bulgarpress.com> References: <534B11F0.9040400@paladin.bulgarpress.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 14 Apr 2014 01:38:40 +0300 Todor Todorov <todorov@paladin.bulgarpress.com> wrote: > Oh now I sense some angst. Please ask Kirk McKusick, he knows the > story about why this is not being disclosed to FreeBSD. Sometimes I > feel a bit sorry for them (and for him), but then the next minute I > don't feel sorry because there's damn good reasons they won't be > told about what I found. My first thought when I saw this was "ego over ethics," which says more about Theo than FreeBSD. *If* there's an issue it'll come out eventually regardless of any little games the pseudo-deities wish to play. In the meantime, follow best practice, lock down your SSH, use keys rather than passwords, password protect the private key, ensure that only trusted people who need it get shell access and disable anything that isn't absolutely necessary. -- Safer alternative to smoking under threat from over-regulation due to pseudo-science and puritanism. Please help keep personal vapourisers available for ex and potential ex-smokers at http://www.efvi.eu/ by showing your support for this citizens' initiative.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201404141207.s3EC7IvT085450>