OpenSSH: client bug CVE-2016-0777 and CVE-2016-0778
Tim
ignored_mailbox at yahoo.com.au
Sat Jan 16 11:18:14 UTC 2016
Tim:
>> This shows just one advantage of doing fresh installs, instead of
>> updates. Those of use who do fresh installs, won't have old keys from
>> prior releases still on our systems.
Gordon Messmer:
> "Your keys" means your private authentication keys. The ones in
> ~/.ssh. If you keep or restore your home directory, it doesn't matter
> if you do a fresh install or an upgrade. I have a hard time imagining
> any significant number of people disposing of all of their data every
> time they update Fedora.
I do. I don't carry over any of the hidden config files, from one
release to another. Just my own work.
Long ago, I found that carrying over any baggage from a prior release
risks carrying over problems that were fixed with a new release, or
adding new problems by incorporating incompatible configuration
settings.
I would suspect that a lot of people who do new installs and simply
back-up and restore personal files, or drag and drop them, don't bother
with the hidden files. Some will, of course. And a few are aware of
potential problems by doing so.
--
[tim at localhost ~]$ uname -rsvp
Linux 3.9.10-100.fc17.x86_64 #1 SMP Sun Jul 14 01:31:27 UTC 2013 x86_64
Boilerplate: All mail to my mailbox is automatically deleted, there is
no point trying to privately email me, I only get to see the messages
posted to the mailing list.
Windows (TM) [Typhoid Mary]. They refuse to believe that there's
anything wrong with it, but everyone else knows Windows is a disease
that spreads.
More information about the users
mailing list