Re: Wow

From: Chris Doherty (
Date: 06/26/02

Date: Wed, 26 Jun 2002 13:20:57 -0700
From: Chris Doherty <>

At some point, Theo de Raadt said:
> I've barely slept in a week.

get some rest.

> So many of you are being totally unreasonable people.


"Upgrade now."

"What versions are vulnerable?"

"Upgrade now."

"*sigh* Okay, I'll upgrade my 40 production machines."

"Okay, the version in -stable is unaffected. Oh yeah, and even if you're
running a vulnerable version, set 'ChallengeResponseAuthentication no' and
you'll be fine."

people aren't being unreasonable. they just wasted a lot of time upgrading
to a new version of software, when in reality probably 95% of cases are
either not vulnerable or can be secured with a simple configuration file
change (I made that number up, of course, but at least on this list it
doesn't seem out of proportion).

for myself with my one machine, I'm just annoyed. if I had gone through
this bullshit on 40 machines, when I could have just modified a config
file, I'd be pissed, and rightfully so.

but, *shrug*. I'll not give such credence to vague warnings in the
future--lesson learned.


Chris Doherty
chris [at]

"I think," said Christopher Robin, "that we ought to eat
all our provisions now, so we won't have so much to carry."
               -- A. A. Milne

To Unsubscribe: send mail to
with "unsubscribe freebsd-security" in the body of the message