Re: [tlug] remote

[Matt Doughty <mdoughty@example.com>]

On Thu, Jun 27, 2002 at 08:11:43PM +0900, B0Ti wrote:
> Matt Doughty wrote:
> 
> > Open what? OpenSSH hasn't been around 6 years more like 2-3. As for that ridiculous
> > claim about the default install. Dude they basically turn off all services in the
> > default install and then say "no remote exploit in blablabla".
> 
> I must give you credit here.
> I'm sure Tatu is very happy about this recent openssh vulnerability as customers (like
> you) will be migrating back to "The Real Thing".
> No software is without bugs. Just look at the recent Apache sechole. Are you gonna ditch
> it too? Not much alternative out there that can compete.
> 

The actual ssh is build from the ground up with supporting both protocols in
mind.  OpenSSH is a project that took the old ssh source, and tried to retrofit/
hack the ssh2 protocol support into it. Its a hack plain and simple.  I'm
not going to move away from apache because a. they have had a better track
record and b. there really isn't much in the way of fully supported altenatives.
Yes security bugs will happen, but they tend to be more infrequent in 
properly designed code which is exactly what ssh, and apache is. It was just
a matter of time before OpenSSH started showing its roots.

--Matt