lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: jeremiah at nur.net (Jeremiah Cornelius)
Subject: SSH Exploit Request

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thu November 13 2003 08:07, Valdis.Kletnieks@...edu wrote:
> On Thu, 13 Nov 2003 02:18:57 PST, Jeremiah Cornelius said:
>
> > > > We need to test it before we are permitted to upgrade. Please help.
> > >
> > > Help yourself and redesign your patch management.
> >
> > Yeah.  Everyone can do that, smartass. 
>
> 
> No, he's right. The OP's environment apparently requires that there be
> testing before they're allowed to upgrade.
> 
> That's *broken*.  Plain and simple.
> 
But...  He may work for an organization that 

a) makes him responsible for function, and isolated from policy influence 
(possibly broken).

b) in which his manager is politically isolated (broken).

c) is subject to a DITSCAP-style regime of testing and documentation processes 
- - not broken!

In any case - it is unhelpful an peevishly arrogant to spit out "change your 
process."  O.K.  That may be happening over time.  What can I do /now/?

Not pointing out the obvious - gobbles exploit code - leads to this kind of 
meta-thread, which has been the cause of so much grievance to some.

A simple reply about the exploit and currency would have been entirely on 
topic for the list!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQE/s8eCJi2cv3XsiSARArHKAKDq2u91UdBYxMz9RUMkNycgnnS5zgCeM8ks
9j8V9ZJoeQpC3wVFG9Sj+ak=
=TGLt
-----END PGP SIGNATURE-----


Powered by blists - more mailing lists