
Edward Brocklesby: how expelled hacker took over Debian's SSH2 package

posted by Roy Schestowitz on Jun 08, 2024

Reprinted with permission from Daniel Pocock.

Here is the list of changelog entries for the ssh2 package.

Here is the first upload from Edward Brocklesby after he takes over the package. Chilling.

Format: 1.6
Date: Fri, 26 Nov 1999 20:29:30 +0000
Source: ssh2
Binary: ssh2
Architecture: source i386
Version: 2.0.13-4
Distribution: unstable
Urgency: low
Maintainer: Edward Brocklesby <ejb@debian.org>
Description: 
 ssh2       - a secure replacement for rlogin, rsh, and rcp
Closes: 38705 39993 41100 46708 47030 47364
Changes: 
 ssh2 (2.0.13-4) unstable; urgency=low
 .
   * New Maintainer.
   * Suggest ssh-nonfree, not ssh.
   * Change 2222 to 22 in README.Debian (closes: #46708).
   * Don't link ssh against xlib6g.
   * Don't use ssh's own zlib, link with libz1 (closes: #39993).
   * Fix type in /etc/init.d/ssh2 (closes: #41100).
   * Change default $PATH to /bin:/usr/bin (closes: #47364).
   * Add a note about using ssh-keygen2 -r to the manpage (closes: #47030).
   * Suggests ssh-socks as well as ssh.
   * Prints a connection closed message when you log off (closes: #38705).

This was a long time before the Reproducible Builds project started. We have no idea if the binaries uploaded by Brocklesby correspond to the source code. At the time, people were simply trusted to compile the binaries on their home PC and upload them to the archive for everybody else to use. Scary, but true.

More scary, when they realized he was up to something they made no investigation into these binaries whatsoever. Looking at their discussions in hindsight, it didn't even occur to them. Debian people are so mediocre about security. They are obsessed with looking down their noses at people but don't understand what they see in front of them.

It looks like he was simply watching for other maintainers to lose interest and then he would take over their packages. Not every package though, only the packages that were really security critical like SSH, compilers and shells.
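The signals described above can be read straight out of an upload's .changes file. The following is an added example, not code from the original article or from Debian: it parses the control fields quoted earlier and flags a maintainer-built binary, a maintainer change and a security-critical source package. The watchlist, function names and flag strings are assumptions made for illustration.

```python
import re

# Constructed sample: a subset of the fields from the .changes excerpt quoted above.
SAMPLE_CHANGES = """\
Format: 1.6
Source: ssh2
Architecture: source i386
Maintainer: Edward Brocklesby <ejb@debian.org>
Closes: 38705 39993 41100 46708 47030 47364
Changes:
 ssh2 (2.0.13-4) unstable; urgency=low
 .
   * New Maintainer.
   * Don't use ssh's own zlib, link with libz1 (closes: #39993).
"""

# Hypothetical watchlist, chosen for this example only.
SECURITY_CRITICAL = {"ssh", "ssh2", "gcc", "bash"}

def parse_changes(text):
    """Parse RFC822-style control fields; indented lines continue the previous field."""
    fields, current = {}, None
    for line in text.splitlines():
        if line[:1] in (" ", "\t"):
            if current is None:
                raise ValueError("continuation line before any field")
            body = line.strip()
            fields[current] += "\n" + ("" if body == "." else body)
        elif ":" in line:
            current, _, value = line.partition(":")
            current = current.strip().lower()
            fields[current] = value.strip()
    return fields

def review_flags(fields):
    """Return the reasons an upload deserves a closer look before it is trusted."""
    flags = []
    arches = fields.get("architecture", "").split()
    binary_arches = [a for a in arches if a != "source"]
    if binary_arches:  # binaries compiled on the uploader's own machine
        flags.append("maintainer-built-binary:" + ",".join(binary_arches))
    if re.search(r"^\*\s*new maintainer", fields.get("changes", ""), re.I | re.M):
        flags.append("maintainer-change")
    if fields.get("source") in SECURITY_CRITICAL:
        flags.append("security-critical-package")
    return flags

if __name__ == "__main__":
    print(review_flags(parse_changes(SAMPLE_CHANGES)))
```

A source-only upload of a package outside the watchlist returns no flags; the quoted upload returns all three.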

The rogue elements of Debian spent over $120,000 to attack me with lawyers after my father died. They made no credible inquiry into the activities of real hackers. They only care about making political attacks on volunteers. Security is above their pay grade.

It is now more than 48 hours after my first disclosure about the Edward Brocklesby affair and there is no comment whatsoever from the Debian security team. The only comments they make are to attack me personally, a reprisal for raising another serious security concern.
