Re: OpenSSH: What went wrong?



> There have been lots of shouting and so forth in the past about how
> OpenSSH/BSD is audited and how the team of coders is so security
> conscious, etc, but then something like this happens.

mmhmm. Because there's never been a piece of security-oriented
software developed by security-conscious people with an exploitable
bug in it before.

> A proper code audit would have picked it up.

Perhaps you could perform a proper one, and send your findings along.
In the meantime, I suppose we'll have to continue with our improper
code auditing.

> > And you aren't auditing software at all.
> 
> What makes you say that?

Because you seem unable to grasp that some bugs are subtle, or that
the idea of what is dangerous (or exploitable) might possibly be
changing with time. 

This might shock some people, but auditing is not a panacea.

But if you'll excuse me, I have some code to read.  Perhaps you could
do the same, instead of merely complaining about what an awful job we
are doing of it?

-kj