At 11:32 PM -0500 3/7/02, David Maxwell wrote:

>Well, I'd like an sshd that I don't have to be ready to upgrade on every
>exposed machine on a day's notice.
>
>It would be kind of nice to step away from the net for a few days, and
>not wonder if everything's fallen apart while my back was turned.

C'mon, David, you know better than that. No program greater than a 
hundred lines or so can have active development *and* be bug-free 
every second. Every substantial program on the planet has had bugs 
during its development. We still ship with sendmail too, and that has 
had *far* more exploitable bugs than OpenSSH.

No, you don't have to be prepared on a day's notice. The same could 
be said the day after every every security avisory for every utility 
is released. Heck, according to this advisory it has existed since 
version 2.0 without anyone ever noticing.

Mike
-- 
Bikers don't *DO* taglines.