[Uaflug] Debian SSH Advisory...
Jeff Spaleta
jspaleta at gmail.com
Tue May 13 15:09:30 AKDT 2008
On Tue, May 13, 2008 at 2:54 PM, roger <roger at eskimo.com> wrote:
> Should of got Gentoo? ;-)
So far this is known to involve only Debian derivatives...most likely
all of them... that's a lot of distributions.. not just Ubuntu. But
the patch could have easily been picked up and applied outside of
Debian so if you are using Gentoo you should probably reach out and
confirm that the patch wasn't lifted from Debian and applied.
Fedora has confirmed that the patch in question hasn't been used in
any Fedora packages.
We've also started the discussion inside Fedora concerning how to add
safeguards into the packaging procedures concerning how we track
Fedora specific patchsets so this sort of long-lived downstream patch
situation doesn't bite us in the future. Whatever your distribution
of choice is, you should try to start a discussion about how to keep
this from happening if the distribution maintainers aren't already
discussing it.
And let me just say that it would be a horrible thing to suggest that
this patch was planted over a year ago and exposed today deliberately
to steal press from the Fedora 9 release that is happening. I would
not support any such outlandish rumor-mongering.
-jef"Fedora Project Board Member"spaleta
More information about the uaflug
mailing list