home | list info | list archive | date index | thread index

Re: [OCLUG-Tech] SSH2 + PAM + LDAP

On Wed, Sep 28, 2005 at 10:34:56AM -0700, Ross Jordan wrote:
> On Wed, Sep 28, 2005 at 01:36:47PM -0400, Stephen Gregory wrote:
> > Adrian Irving-Beer wrote:
> > >
> > >I don't have an answer, nor do I mean to advocate, but I'm curious.
> > >Why are you using the non-free ssh.com version rather than OpenSSH?
> > 
> > I trust SSH2 to be secure more then I trust OpenSSH.
> why? OpenSSH is more widely used, open, reviewed and written by some
> top notch security guys. I'm not trying to start a flamewar, but
> why would ssh.com version of ssh be any better?

...because they wrote the IETF standard.  ...because they wrote the
reference implementation.  ...because they are not gratuitously
different than the reference implementation or the standard.  ...because
they didn't have a rash of security-related exploits published and used
against them causing a rash of security-related patches to be released
in a short period of time.  ...because they aren't the only ones who
claim their products are secure.  ...because they aren't as arrogant
about it.

I'm with Stephen Gregory on this one.

> -Ross

	slainte mhath, RGB
	GPC Listmaster

Richard Guy Briggs               --    ~\             Auto-Free Ottawa! Canada
<www.TriColour.net>                --    \@       @       <www.flora.org/afo/>
No Internet Wiretapping!            --   _\\/\%___\\/\%    Vote! -- <Green.ca>

message navigation