Bugtraq mailing list archives
Re: Re: OpenSSH security advisory: cbc.adv
From: Guillaume MULLER <guillaume.muller () freesurf fr>
Date: Mon, 24 Nov 2008 15:37:45 -0200
Hey!They put a condition because of "National Security". Should that mean that they use OpenSSH in "National Security"-sensitive applications (interesting ;););))?
If so, should that mean that they implicitely recognize the very good work done by the community?
If so, why not act politely with the community and share knowledge?This would make the software better, so that they could still use it in their applications.
How can't they understand that?Why not just share the knowledge and just ask for some time (fixed amount? or just "when a solution will be found") before public release of the details of the attacks?
Why not release the details and switch to another system if OpenSSH is not what they need anymore?
So one more entity that just want to benefit from FOSS, but not contribute...
If I were the developpers, then I would just retaliate (humoristically) by sending them a similar (fake)-contract/NDA, asking them not to use OpenSSH, but share National Sensitive information. In other words, just ask them to share THEIR knowledge without US providing our tools.
There are some times where I hate the BSD licence, because it does not force people to cooperate! (even if I don't think any other licence would help here...)
My 2 cents and sorry for the off-topic subject... Cheers GM -- Guillaume MULLER Post-Doc - Sala C2-50 Laboratório de Técnicas Inteligentes (LTI) Depto. Eng. Computação e Sistemas Digitai(PCS) Escola Politécnica da Universidade de São Paulo Av. Prof. Luciano Gualberto, 158 travessa 3 05508-900 - São Paulo - SP - Brasil Tel: +55 11 3091 5397 http://www.lti.pcs.usp.br/~guillaume
Current thread:
- OpenSSH security advisory: cbc.adv Damien Miller (Nov 21)
- Re: OpenSSH security advisory: cbc.adv Otto Moerbeek (Nov 24)
- Re: Re: OpenSSH security advisory: cbc.adv Guillaume MULLER (Nov 24)
- Re: OpenSSH security advisory: cbc.adv Nick Boyce (Nov 24)
- Re: OpenSSH security advisory: cbc.adv Damien Miller (Nov 25)
- Re: OpenSSH security advisory: cbc.adv Nick Boyce (Nov 25)
- Re: OpenSSH security advisory: cbc.adv Bob Beck (Nov 25)
- Re: OpenSSH security advisory: cbc.adv Damien Miller (Nov 25)
- Re: OpenSSH security advisory: cbc.adv Fabian Hänsel (Nov 25)
- Re: OpenSSH security advisory: cbc.adv Otto Moerbeek (Nov 24)
- <Possible follow-ups>
- Re: Re: OpenSSH security advisory: cbc.adv dennis jackson (Nov 25)