vsftpd (GPL) and openssl?

Pekka Savola pekkas at netcore.fi
Wed Sep 8 18:40:12 UTC 2004


On Wed, 8 Sep 2004, Rui Miguel Seabra wrote:
> > >From the license/policitical/religious point of view, it might be 
> > closer in spirit to the vsftpd though.
> 
> Anyway, do you have any data to backup your defamatory statement?
> OpenSSL hasn't exactly been void of serious issues...

Do you want the devil you know or the one you don't?  That's the 
point.

Very few are using GNUtls, so even if there are gaping holes, they 
wouldn't be worth the effort of either the whitehat or blackhat 
communities to dig out and expose/abuse.

On the other hand OpenSSL exists in millions or dozens of millions of
systems, so at least is has been exposed to some significant security
review.

-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings





More information about the fedora-devel-list mailing list