service version disclosure

drago01 drago01 at gmail.com
Mon Jan 9 13:09:22 UTC 2012


On Mon, Jan 9, 2012 at 9:07 AM, Reindl Harald <h.reindl at thelounge.net> wrote:
>
>
> Am 09.01.2012 07:27, schrieb Ed Marshall:
>> On Sun, Jan 8, 2012 at 5:42 PM, Reindl Harald <h.reindl at thelounge.net> wrote:
>>> if a software-package, information, disclosure is NOT NEEDED it has
>>> to be disabled - again: take some security education!
>>
>> And, there we go.
>>
>> Convince upstream to change their behavior (but, read their FAQ on
>> this exact question first, and try to understand why they've chosen
>> that stance), or convince the current openssh package maintainers why
>> they should patch the Fedora version of openssh in defiance of
>> upstream's wishes.
>
> would you please realize that sshd was only ONE sample
>
> but well, so I will hesitate useful requests in the future and
> continue rebuilding half of the distribution by my own to get rid
> of nonsense like unsecure defaults

If not showing the version makes you feel more secure you are free to
do that; it is free software after all. But just because it makes *you*
*feel* more secure does not mean that you gain any security by doing
so but well... that is no reason to change half of the distribution to
unnecessarily diverge from upstream.

