Subject: Re: OpenSSH Priv Sep and Remote Exploit?
To: Theo de Raadt <>
From: Jason R Thorpe <>
List: tech-security
Date: 06/27/2002 10:20:40
On Mon, Jun 24, 2002 at 06:48:20PM -0600, Theo de Raadt wrote:

 > You are so entirely out of touch with reality.  Less than 24 hours
 > after we produce a patch, there will be a public exploit.  You'll see.

This is why people generally go through channels like CERT to inform
vendors of problems and allow them to make appropriate plans, before
public disclosure of the problem.

        -- Jason R. Thorpe <>