Message-ID: <20030917113957.GA914@c9x.org>
From: j at pureftpd.org (Jedi/Sector One)
Subject: Re: [RHSA-2003:279-01] Updated OpenSSH packages fix potential vulnerability
On Wed, Sep 17, 2003 at 10:20:43AM +0100, Matt Collins wrote:
> From: Matt Collins <matt@...es.com>
> It isn't particularly useful for a cross platform research/discussion list
> to be flooded with 7 software release announcements for the same bug,
> though.
It makes clear that these distros actually care about security.
If I am looking for a secure hardware router or an operating system, I'll
first consider those that are tracking general security-related
mailing-lists and that are posting their advisories there.
It is obvious that the OpenSSH vuln affects more hardware vendors than
just Cisco. Or more OS/distros than those that posted here. But how to know
if these other vendors actually fixed the flaw? Maybe the patches are only
announced on a mailing-list that only already-existing customers can be
aware of. People who have to make decisions won't spend time digging for
those lists.
Various vendors posting to Bugtraq and FD are a good thing IMHO. It's just
like replies to a broadcast icmp echo request. Vendors that keep answering
with reasonable latency can be trusted. Vendors that only reply to their
private network can't be fully trusted by other people. Vendors that don't
answer can't be trusted at all.
--
__ /*- Frank DENIS (Jedi/Sector One) <j@...Networks.Com> -*\ __
\ '/ <a href="http://www.PureFTPd.Org/"> Secure FTP Server </a> \' /
\/ <a href="http://www.Jedi.Claranet.Fr/"> Misc. free software </a> \/