Slashdot Mirror
OpenSSH Releases Version 5.0
os2man lets us know that OpenSSH version 5.0 has been released. The mirrors are linked from the top page. "OpenSSH (OpenBSD Secure Shell) is a set of computer programs providing encrypted communication sessions over a computer network using the ssh protocol. It was created as an open source alternative to the proprietary Secure Shell software suite offered by SSH Communications Security. OpenSSH is available for almost any Operating System."
Yeah. Some content in this front-page article - beyond the version number - would have been helpful.
"Flyin' in just a sweet place,
Never been known to fail..."
The Debian maintainers wrote to Theo personally, while the correct email address for OpenSSH problems, issues and bug reports is "openssh@openssh.com".
The result is that the maintainers of OpenSSH were not properly notified, and a bug was left in the code. For all that it's worth, it seems Theo was on holidays, with no access to a computer.
So, sure, it may sound harsh, but I believe it's for a good cause: OpenSSH developers really want a stable and secure software. Consider the announcement a reminder of the proper procedure to warn them of bugs, not a dig at this or that operating system.
The right to offend is far more important than the right not to be offended. (Rowan Atkinson)
I don't think that anybody is questioning whether a mistake was made. The problem is that there's no reason to publicly humiliate the people (read: volunteers) who made it in order to correct it. The point could just as easily have been made without specifically naming anybody.
I know that if I sent out a mass emailed "reminder" to my company about the proper protocol for something and specifically called out somebody from another group in it, the response would be a universal, "What a dick!" I'd be lucky to avoid being taken to the woodshed by my boss for it. That's just not how it's done.
An interesting anagram of "BANACH TARSKI" is "BANACH TARSKI BANACH TARSKI"
Besides, what other kind of update would you expect on ssh? Support for some new SSL/TLS/SFTP/whatever version? Ports to new architectures (if there's any left)? Major performance upgrade? Better X forwarding compression? New authentication method support? Honestly, I don't know what the possible hot items could be, or even if OpenSSH does all of these things. I don't know but the part about point releases is pretty useless if it doesn't mean anything special at all... then last could be 49 and this release 50, you sorta expect something more when you roll out x.0 releases. Besides, while I'm sure this is a Big Thing for OpenSSH the IPv6 page on WP still says "As of November 2007, IPv6 accounts for a minuscule percentage of the live addresses in the publicly-accessible Internet, which is still dominated by IPv4." So yeah, it's an issue if you're on an IPv6 network but it's hardly a Slammer worm class exploit.
Live today, because you never know what tomorrow brings
OpenSSH follows the same version numbering approach as OpenBSD, which is that for each release they simply increment what would normally be called the minor number until it reaches 9, then what would normally be construed as the major number is incremented, then they go back to incrementing the minor number. One may wonder why they don't simply use a single number for releases, given there's no meaning or discernable advantage (to an outsider, that is) to using a pair of numbers. (Perhaps the numbering scheme is simply a hold over from OpenBSD's NetBSD origins over a decade ago. NetBSD does use "point numbers" to convey the relative importance of releases.)
That's the last straw, it's back to telnet for me. Bastards.
Fascism trolls keeping me up every night. When I starts a preachin', he HITS ME WITH HIS REICH!
http://marc.info/?l=openssh-unix-dev&m=120692745026265&w=2
It was available in 4.9, released just days before 5.0.