Openssh 5.4 is from March 2010, per http://www.openssh.com/openbsd.html . I’m glad that the open source process worked so well to find this bug...
-
-
@SteveBellovin If anything, OpenSSH is the model for what we want to encourage: priv-sep, sandboxing, reduced attack surface, reviews. -
@benhawkes The technical stuff--priv-sep, sandboxing, etc.--is the easy part. Structured design and code reviews, audits, etc., are hard. - 8 more replies
New conversation -
-
-
@benhawkes@lazytyped@SteveBellovin Are there any public commits related to this audit by any chance?Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.