AF:
NF:0
PS:10
SRH:1
SFN:
DSR:
MID:<20090204174744.6fcb171f@ripper.onstor.net>
CFG:
PT:0
S:andy.sharp@onstor.com
RQ:
SSV:exch1.onstor.net
NSV:
SSH:
R:<larry.scheer@onstor.com>,<brian.stark@onstor.com>
MAID:1
X-Sylpheed-Privacy-System:
X-Sylpheed-Sign:0
SCF:#mh/Mailbox/sent
X-Sylpheed-End-Special-Headers: 1
Date: Wed, 4 Feb 2009 17:50:16 -0800
From: Andrew Sharp <andy.sharp@onstor.com>
To: Larry Scheer <larry.scheer@onstor.com>
Cc: Brian Stark <brian.stark@onstor.com>
Subject: updating cougar packages a priority
Message-ID: <20090204175016.11b4625a@ripper.onstor.net>
Organization: Onstor
X-Mailer: Sylpheed-Claws 2.6.0 (GTK+ 2.8.20; x86_64-pc-linux-gnu)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

Hi Larry,

We need to bump up the priority of updating the packages in the cougar
build.  I would say ASAP with the usual caveats, of course.  Leopard is
a higher priority I would say, but little else.

I've discovered a problem that we need to nip in the bud regarding
cougar.  Because the filesystem has the "old" ssh packages, which had
weak key generation problem, some systems with the latest ssh clients
that can detect the undesireable keys might refuse to connect to a
cougar, or refuse to be connected to from a cougar, depending on how
strictly they are configured.  They might also just bitch about it but
ultimately allow the connection, but that's also bad.

Hence we need to make updating the various affected packages on the
cougar filesystem template a priority.  The latest ssh packages will
depend on the latest C library packages (I'm assuming here, but that
would be SOP), so that will have to be done as a prerequisite.

I'd hate to have this come to us as an escalation where a customer
can't connect, or a situation crop up where we get criticized because
we are using supposedly vulnerable software.

Cheers,

a
