Subject: Re: FreSSH
To: None <current-users@netbsd.org>
From: Greg A. Woods <woods@weird.com>
List: current-users
Date: 03/08/2002 00:34:17
[ On Thursday, March 7, 2002 at 20:45:53 (-0800), John Nemeth wrote: ]
> Subject: Re: FreSSH
>
> When you consider all the squawking that the OpenBSD crowd does
> about why their code is so secure because they audit it amongst other
> things, I want it to not have the bugs. SSH is an extremely important
> security related application. It shouldn't have security holes.
Well it wasn't all their code to begin with, and I suspect a lot of it
has still not really been properly rewritten.
And there is a _lot_ of it (code that is, in OpenSSH + OpenSSL). Almost
all code has bugs, and the more code there is the more bugs there are,
and the bigger and nastier they usually get.
--
Greg A. Woods
+1 416 218-0098; <gwoods@acm.org>; <g.a.woods@ieee.org>; <woods@robohack.ca>
Planix, Inc. <woods@planix.com>; VE3TCP; Secrets of the Weird <woods@weird.com>