Gert Doering wrote: > On Mon, Jan 01, 2018 at 07:52:26AM -0800, Peter Moody wrote: >> I would prefer that: >> >> * commercial vendors patched the software they sold >> * people who purchased from these vendors to take responsibility for >> their actions and apply pressure on the commercial vendors rather than >> the free software developers who provide the client software, for >> free. > > You *are* aware what people are talking about? Like, management cards > for UPSes and such, where the important part is "will that UPS provide > reliable power for a reasonable price", a secondary question is "can I > monitor that thing in a reasonable way?", and a very very very minor > influencing factor is "will the management card do SNMPv3, or SSH with o > 2048 bit RSA key size"? And another important question is: How high is the risk that this unmaintained device is added to yet-another-bot-net in the Internet-of-shitty-devices or is used to enter parts of your network. If you run such devices you have to do your homework. Part of this is to setup secured admin gateways where you can run whatever customized SSH client you need to accomodate this moldy devices. It might turn out that it's cheaper to buy new devices though. Ciao, Michael.
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev