Openssh 5.4 is from March 2010, per http://www.openssh.com/openbsd.html . I’m glad that the open source process worked so well to find this bug...
-
-
@SteveBellovin When they refactored some pre-auth packet code, they asked us (Google) to review it. We fixed several serious issues. -
@SteveBellovin If anything, OpenSSH is the model for what we want to encourage: priv-sep, sandboxing, reduced attack surface, reviews. - 9 more replies
New conversation -
-
-
@benhawkes@thegrugq@SteveBellovin Could it be because , AFAIK, OpenSSH guarantees "commits" integrity -
@benhawkes@thegrugq@SteveBellovin of GitHub (or Linux Kernel) source code repositories for so many projects ? w/ package maintainers,etc
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.