Vincent Danen <[EMAIL PROTECTED]> wrote: > On Thu Sep 25, 2003 at 08:44:30PM +0200, Han Boetes wrote: > > Can't we dump wu-ftpd? I mean there are lots of more secure > > alternatives and this daemon still has regular exploits. > > wu-ftpd is only in contribs
Ok, that's in the good direction. Lets take it a step further. :) I mean someone gets a 9.1 cd, installs wu-ftpd and forgets to run updates. You can predict that by the time 9.2 is released a working exploit has been found. You can nearly be sure that any contrib cd will contain a package that will result in remote root exploits if you install them a half year after the release date. You can't be sure about that for any other rpm. I say lets dump wu-ftpd completely from the distro. I don't want to make it too easy for users to shoot themselves in the foot. # Han -- http://www.xs4all.nl/~hanb/software http://www.xs4all.nl/~hanb/documents/quotingguide.html