I'm going to write my "Thank You Theo" to the man. I hope his mailbox fills with another 10,000,000 email like mine to which he does not need to respond. On Tue, 2003-09-16 at 16:16, Andy Wood wrote: > Well maybe he's had to answer 10,000,000 email on it, which if he > doesn't respond he'll get the same press as you're giving up. Maybe he's > swamped with other contributions to the computing industry. Seeing that yer > so tireless why don't you learn to write patches instead of just squawking > about it. > > > -----Original Message----- > From: full-disclosure-admin@xxxxxxxxxxxxxxxx > [mailto:full-disclosure-admin@xxxxxxxxxxxxxxxx] On Behalf Of Carl Livitt > Sent: Tuesday, September 16, 2003 8:26 AM > To: full-disclosure@xxxxxxxxxxxxxxxx > > > Straight from the horses mouth, this is a snippet of an email conversation I > just had with Theo Deraadt: > > -------------- > Theo, > > Is there a patch available to patch the off-by-one that has been reported in > OpenSSH ? As it is being actively exploited in the wild, I would like to > patch my servers ASAP (as you can probably imagine). > > Thankyou for taking the time to read - and hopefully respond to - this > email. > > Kind regards, > > Carl > --------------- > > A flamefest ensued, but his answer was: > > Bugger off, wait like the rest of the planet. > > ------------- > > After more flaming abuse, I received this from him: > > I have been spending the last 10 days making openbsd releases for about > 14-15 hours a day for people to use We've been spending hours and hours > making openssh release We are dealing with an, as far as we know, > unexploitable hole (affects some systems, but not openbsd it is pretty > clear) issue for all of you who run other system we've been dealing with > this frantically to make something that the internet relies on as good as > good as it possibly can be no sleep for 30 hours and you expect me to treat > you special? > > AND YOU EXPECT ME TO TREAT YOU SPECIAL? > > AND YOU THINK THAT PASTING THAT TO SOME IRC CHANNEL MAKES YOU LOOK RIGHT? > > and you think that you pasting it to some icb channel makes me feel worth > less, when every single hp and cisco switch containing this code is likely > vulnerable, and i don't like that, and want to make the world a better place > even if it kills me due to stress and lack of sleep because i think that a > better world is a better place to live my life? > > > The main point is that " every single hp and cisco switch containing this > code is likely vulnerable". Oh dear, this could get nasty.. batten down the > hatches... > > Poor Theo, he needs his rest. > > Carl. > > Carl. > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html > > --- > Incoming mail is certified Virus Free. > Checked by AVG anti-virus system (http://www.grisoft.com). > Version: 6.0.518 / Virus Database: 316 - Release Date: 9/11/2003 > > > --- > Outgoing mail is certified Virus Free. > Checked by AVG anti-virus system (http://www.grisoft.com). > Version: 6.0.518 / Virus Database: 316 - Release Date: 9/11/2003 > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html -- Hi! I'm your friendly neighbourhood signature virus. Copy me to your signature file and help me spread!
Attachment:
signature.asc
Description: This is a digitally signed message part