Actually, it has been mentioned in Debian Weekly News. Proftpd seems like it was designed with security in mind, much more so than wu-ftpd. Do you remember the date of that post that discussed the design flaws? I'd like to read it.
proftpd just switched primary developers. As such, it's receiving a major overhaul. Now they're trying to shake the last of the bugs out for 1.2.0. That's where all those proftpd-1.2.0preX versions are coming from.

offtopic: One of the holes that was fixed a few weeks back stemmed from the fact that something like this happened:

    strncpy(acharbuffer, userinput, X)

which supposedly led to a buffer overflow. Could someone explain how a buffer overflow could happen with strNcpy? I thought using strNcpy pretty much stopped buffer overflows cold.

Thanks,
Bryan

On 16-Oct-99 aphro wrote:
> i find it very surprising that there is not even a peep from debian
> developers about the massive security holes in proftpd and the minor ones
> in wu.ftpd ..virtually all the other distros announced. even if there is
> not a good fix people should be made aware not everyone watches bugtraq.
>
> unless the version(s) of proftpd in debian are safe? i read a post that
> talked about flaws in the very design of it, making it secure would
> require almost an entire re-write of the whole package.
>
> i posted to debian-user a few weeks back askin for help with this issue
> but never saw a reply(if there was sorry i must've missed it)
>
> nate
> (just tryin to watch out for fellow debian users)
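Added example, not part of the original thread and not proftpd's code: two ways the `strncpy(acharbuffer, userinput, X)` pattern asked about above can still go wrong, next to a bounded copy that always terminates. The function names, the 8-byte buffer and the sample strings are assumptions made for illustration; the thread does not say which case applied to proftpd.

```c
#include <stdio.h>
#include <string.h>
#define BUF 8   /* size of the logical destination buffer (constructed) */

/* Case 1: X == sizeof(buffer) and the input is at least that long.
 * strncpy() stays in bounds but writes no terminating NUL, so a later
 * strlen()/strcpy()/printf("%s") on the buffer runs past its end.
 * Returns 1 if the buffer ends up NUL-terminated, 0 if not. */
int terminated_after_strncpy(const char *userinput)
{
    char buf[BUF];
    memset(buf, 'A', sizeof buf);            /* stand-in for stale stack data */
    strncpy(buf, userinput, sizeof buf);
    return memchr(buf, '\0', sizeof buf) != NULL;
}

/* Case 2: X is larger than the buffer. strncpy() always writes exactly X
 * bytes (zero-padding short input), so the neighbour is clobbered even by a
 * 2-byte string. One array models "buffer + neighbour" to keep this defined.
 * Returns the number of neighbour bytes that were overwritten. */
int neighbour_bytes_clobbered(const char *userinput)
{
    char arena[2 * BUF];
    int i, hit = 0;
    memset(arena, 'N', sizeof arena);        /* bytes BUF.. are the neighbour */
    strncpy(arena, userinput, sizeof arena); /* wrong X: 16 instead of 8 */
    for (i = BUF; i < 2 * BUF; i++) hit += (arena[i] != 'N');
    return hit;
}

/* Hardened form: bound by the real size, always terminate, report truncation.
 * Returns 0 if the input fit, -1 if it was truncated (or dstsz is 0). */
int bounded_copy(char *dst, size_t dstsz, const char *src)
{
    size_t n = strlen(src);
    if (dstsz == 0) return -1;
    if (n >= dstsz) { memcpy(dst, src, dstsz - 1); dst[dstsz - 1] = '\0'; return -1; }
    memcpy(dst, src, n + 1);
    return 0;
}

int main(void)
{
    char out[BUF];
    printf("terminated (8+ byte input): %d\n", terminated_after_strncpy("abcdefgh"));
    printf("neighbour bytes hit:        %d\n", neighbour_bytes_clobbered("hi"));
    printf("bounded_copy rc: %d -> \"%s\"\n", bounded_copy(out, sizeof out, "abcdefghij"), out);
    return 0;
}
```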