[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Re: OpenSSH security advisory: cbc.adv
They put a condition because of "National Security". Should that mean
that they use OpenSSH in "National Security"-sensitive applications
If so, should that mean that they implicitely recognize the very good
work done by the community?
If so, why not act politely with the community and share knowledge?
This would make the software better, so that they could still use it in
How can't they understand that?
Why not just share the knowledge and just ask for some time (fixed
amount? or just "when a solution will be found") before public release
of the details of the attacks?
Why not release the details and switch to another system if OpenSSH is
not what they need anymore?
So one more entity that just want to benefit from FOSS, but not
If I were the developpers, then I would just retaliate (humoristically)
by sending them a similar (fake)-contract/NDA, asking them not to use
OpenSSH, but share National Sensitive information. In other words, just
ask them to share THEIR knowledge without US providing our tools.
There are some times where I hate the BSD licence, because it does not
force people to cooperate! (even if I don't think any other licence
would help here...)
My 2 cents and sorry for the off-topic subject...
Post-Doc - Sala C2-50
Laboratório de Técnicas Inteligentes (LTI)
Depto. Eng. Computação e Sistemas Digitai(PCS)
Escola Politécnica da Universidade de São Paulo
Av. Prof. Luciano Gualberto, 158 travessa 3
05508-900 - São Paulo - SP - Brasil
Tel: +55 11 3091 5397