Yeah I was wondering whether it was that same chiark. I didn't have time to get to the end of the article.

A bit worrying to hear that important security software was hosted on a 30 year old OS.

The HN title is misleading as it was actually upgraded from Debian 8 "Jessie" to Bullseye.

Debian 8 "jessie" support reached its end-of-life on June 30, 2020, five years after its initial release on April 26, 2015.

However that does mean it was potentially vulnerable to critical vulnerabilities for more than two years whilst world+dog used it to download PuTTY for secure access to their servers. Eek

Would be good to know how this was managed if at all.

TFA covers this (extended security coverage from a third party provider).

I'd be more worried about the 200 shell accounts

that machine has definitely been hacked

For many years it was only a http site and didn't even have https.

Oooooh, the name sounded familiar but I didn't know why, as it's been some years since I used Windows regularly. Nice :)