-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On March 24, 2004 10:10, Shawn Grover wrote:
> except that wu-ftpd is one of the packages with a number of security
> concerns (though I think they've patched all the holes that have been
> found).

the problem is that they keep finding them. the last debian security update to 
wu-ftpd was on March 8th, 2004. prior to that was the off-by-one error in 
September. this is a piece of software that has been around practically 
forever and new security problems are _still_ popping up with it. the design 
of the software dooms it; as Curtis Sloan said in the Andreesen thread, good 
design and best practices help ensure security, and unfortunately wu-ftpd 
displays neither =( 

fortunately, because this is all Free Software, there are other options that 
are functionally equivalent that do not have these drawbacks. one of the 
responsibilities we have as users of software on a public, shared network is 
to not support software that leads to compromises of that network. wu-ftpd 
should be viewed with the same sort of veracity that most of us here do when 
it comes to Microsoft products and security: they aren't secure and don't 
belong on the public Internet.

- -- 
Aaron J. Seigo
GPG Fingerprint: 8B8B 2209 0C6F 7C47 B1EA  EE75 D6B7 2EB1 A7F1 DB43
while (!horse()); cart();
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux)

iD8DBQFAYcfR1rcusafx20MRAi6TAJ92oJas2ohRyzI8ZuRzl1jKAJM+EQCgq7Sw
/yZ18f1hYiKzQ0lvO3YDEB4=
=zLUI
-----END PGP SIGNATURE-----

_______________________________________________
clug-talk mailing list
[EMAIL PROTECTED]
http://clug.ca/mailman/listinfo/clug-talk_clug.ca
