Peter Gutmann <[email protected]> wrote: > The general feeling was that it's best just to grin and bear it, you're going > to get them at some point no matter what you do.
This is about two things: 1. a false claim of succesfull exploitation of OpenSSH in a paper. 2. a false claim based upon that paper lands in a CVE. You are only talking about point 2. We are talking about point 1 also. We don't need to grin and bear either, but especially point 1.
