Subject: Re: FreSSH
To: None <tls@rek.tjls.com, xs@kittenz.org>
From: Michael G. Schabert <mikeride@mac.com>
List: current-users
Date: 03/08/2002 22:37:20
At 2:00 PM -0500 3/8/02, Thor Lancelot Simon wrote:
>On Fri, Mar 08, 2002 at 10:51:23AM +0000, xs@kittenz.org wrote:
>>
>>  I think it might be nice to have a sshd that isn't one huge, monolithic
>>  blob. AFAIK, you can't chroot sshd itself or parts of it without a patch.
>
>You just described two of the principal design goals of FreSSH.  It's hard
>for me to believe that anyone could design a piece of "security software"
>with dangerous sections as large as those of the F-Secure/OpenSSH code.
>
>Unfortunately, we all got awfully busy, so the FreSSH team isn't in much
>of a position to talk.  It doesn't help that none of us really like the
>baroque V2 protocol very much

But if you refuse to embrace v2, have you eliminated the MANY known 
security problems with v1? If not, then without v2 support OpenSSH is 
still far safer, IMHO.

Mike
-- 
Bikers don't *DO* taglines.