PROFTPD
Mike A. Harris
mharris at redhat.com
Fri Oct 24 06:05:16 UTC 2003
On Thu, 23 Oct 2003, Res wrote:
>> I think the general thing we're trying to get across is that we
>> do not have the engineering resources to package and maintain 15
>> ftp daemons, SMTP daemons, web servers, imap daemons, etc. and
>> also audit them, track their security flaws and major bugs and
>> provide proper and timely updates when such flaws are found, and
>> provide the level of support for them that would be needed for
>> them to be in Fedora Core. We just don't have 5000 engineers
>> here twiddling their thumbs looking for new applications with
>> major security flaws to fix and release updates for.
>
>ProFTPd has always had a good security track record, RH used to
>include it years ago (ok i think it was only on the contrib tho)
Red Hat did not create the packages in contrib, and did not
include any of them in the distribution. proftpd was on
powertools 6.0, but I believe that was the only thing it was ever
released on.
proftpd has definitely not always had a good security record. It
had a decent security record for a while, followed by a very poor
one while it fell out of maintenance, then it picked up a bit
again. At the time we included vsftpd into the distro, proftpd
had it's fair share of security issues. I remember because I
used it on almost every ftp server I maintained at the time. I
must admit though, while I loved proftpd's feature set and
configuration, vsftpd was a godsend security wise.
>when it also included the biggest security nightmare every ftp
>admin has 'wu-ftpd', they dropped proftpd but kept wu-ftpd, that
>just made absolute no sense at all, I feel there is more to it
Simple, proftpd was never part of the distribution *EVER*, so
your premise that we dropped proftpd and kept wuftpd is based on
an invalid claim. wu-ftpd was kept for a long time for
historical reasons. There are many systems running wu-ftpd out
there which have their entire infrastructure configured around
it. To upgrade those systems, throw out wu-ftpd immediately and
switch over to a new ftpd just wasn't something every customer
out there would be willing or able to do without a migration
period. We never shipped anything other than wu-ftpd before, so
we added vsftpd in 7.3 IIRC, then removed wu-ftpd recently in RHL
9.
As I said above, proftpd was included on an ancient version of
powertools more or less unsupported for one release, possibly on
older powertools I no longer have also. What used to be
powertools in days gone by could be somewhat viewed as "Fedora
Extras" or "Fedora Alternatives" in our current framework, and
that would be the perfect place for proftpd to reside now.
>and RH wont say (at least publicly) why :)
Well, now you know. ;o) Feel free to create new consipiracy
theories, they're fun to resolve with factual information. ;o)
--
Mike A. Harris ftp://people.redhat.com/mharris
OS Systems Engineer - XFree86 maintainer - Red Hat
More information about the fedora-test-list
mailing list