Hi,
Thanks to Joerg who give some nice perspective about software.
Thank to Warren which tries to talk.
Warren said :
>« I just did a search for inetd at the NVD CVE search, and got nothing
>relevant to running Fossil under inetd »
a) I don't talk about Fossil. My talk is about inetd/xinetd issue when it comes
to security.
Clearly speaking, there COULD be security breach with
inetd/xinetd/what-ever-it-is
b) There are nothing because, the latest release is 4 years later and no one
would like to use such a software.
c) I've said that it is not recommended so who am I to think that you will find
something in any CVE ?
>« Perhaps you have misunderstood your advisors, who are really saying that you
>shouldn’t be using in.telnetd and such any more, which are merely *associated*
>with inetd, but which are not inetd themselves. »
You really want to know what an expert in computers security said to us ?
"Never use xinetd or inetd or something like that."
Isn't never, never ?
I don't argue against an expert...
>« I am just telling you that the age of the software is a poor gauge to its
>security »
a) no one said that the age of a software is an important gauge to its security.
b) The age of the LATEST change of a software may explain in part that it is
widely used or not.
Then you could imagine if bugs could be found or not.
c) Age is not a poor gauge, it is a good one when you see the trends : few
release are signs of few reviews and so on...
>« The responses just tell the original poster of that thread that *he*
>probably doesn’t need it »
Nope, the answer explains that FreeBSD use what should be used: You call that
best practice.
Most of the time it is for security reason when people decided to make changes.
Notice that it is said that inetd should not be used :
It is even said « run separate daemons » ...
At least read Joerg explanations ...They are well explained. :-P
Best Regards
K.
De : Warren Young <w...@etr-usa.com>
*snip*
_______________________________________________
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
