opinions on replacing vsftpd with proftpd?
T. 'Nifty New Hat' Mitchell
mitch48 at sbcglobal.net
Mon Jun 21 04:08:58 UTC 2004
On Sun, Jun 20, 2004 at 02:48:28PM -0500, Jeff Vian wrote:
> Rui Miguel Seabra wrote:
> >On Sun, 2004-06-20 at 16:00 +0200, Alexander Dalloz wrote:
> >>Am So, den 20.06.2004 schrieb Rui Miguel Seabra um 15:41:
> >>
> >>
> >>>proftpd has historically had many security problems (probably due to the
> >>>many more features).
> >>>
> >>>
> >>Which software not?
....
> >
> >FTP is in the same class as TELNET... obsolete, redundant, less secure,
> >etc... :)
....
To some extent it is important to not be black and white on this
stuff. Almost all of the interesting tools have had serious security
bugs. At one point ssh had a bug serious enough that many sites
switched to telnet for the couple weeks that it took to get the bug
fixed and new versions distributed.
The point is that "system" managers should consider their choices and
be moderately ready to substitute one less interesting package for the
nifty new package. In making setup decisions or package selection
consider the impact of turning one off and another on and back.
When a unique feature is turned on try and understand if that paints
you in a corner should you need to switch to a lesser package in the
future.
This modern open source world gives us choices and that is way cool.
--
T o m M i t c h e l l
/dev/null the ultimate in secure storage.
More information about the fedora-list
mailing list