Subject: Re: Heads up: suspicious source distribution of OpenSSH 3.4p1 found
To: David Maxwell <david@vex.net>
From: Rogier Krieger <rogier@virgiel.nl>
List: tech-security
Date: 08/02/2002 01:59:08

Hi there David,

Previous Correspondence, received at 11:50 1-8-02 -0400:
>Thanks for letting us know.

You're welcome. Thanks for the swift reply. Indeed the pkgsrc I have
around on my local machine is clean and has a correct MD5 checksum.
I should've checked the sources before posting. My apologies for
being a bit hasty.

For those interested in reading more or those having other OSes as
well, the OpenSSH team posted its advisory at its website
[ http://www.openssh.com/txt/trojan.adv ]. This advisory will probably
grow more complete. CERT also has some vendor info
[ http://www.cert.org/advisories/CA-2002-24.html ]. The sources have
been cleaned up, by the way, according to OpenSSH.

>We appreciate notification if any user receives a checksum mismatch
>warning while installing OpenSSH or any other package.

I'll keep it in mind. Over time, I have only come across one or two
mismatches in checksums, though.

Cheers,
Rogier Krieger
--
If you don't know where you're going, any road will get you there.