On Fri, Oct 18, 2002 at 03:50:12PM +0200, [EMAIL PROTECTED] wrote: > > You can; however, recompile and get rid of the "Debian 1:3.4p1-1" part... > > Why isn't it done by default ?
9-12 months down the road (or whenever the next exploit in OpenSSH is found), Debian will likely backport the fix into the current version rather than upgrading entirely. I assume the "Debian" part of the banner is to help us defend ourselves against local security folks doing SSH scans and freaking out whenever they see any version less than 3.secure -- we point them to the DSA, show that the fix is in the Changelogs, etc. In a perfect world, those folks would have already read the above supporting material and they wouldn't bug us at all. -- Mike Renfro / R&D Engineer, Center for Manufacturing Research, 931 372-3601 / Tennessee Technological University -- [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
