Hi, Henry, On Thu, 11 Dec 2003, Henry Baragar wrote: >> tcpserver has its advantages, but it's also old, practically unmaintained >> (which is, arguably, a good thing as it has no known bugs) and lacks >> was originally written. The last update to the ucspi-tcp package was >> March 18th 2000. >Careful on the editorializing here Andy: I believe that xinetd predates >tcpserver and it has had security vulnerabilities >(http://lists.progeny.com/archive/progeny-security-announce/2001/msg00023.html) >and memory leaks (http://www.securityfocus.com/archive/1/319088). >xinetd has had ten releases since May of 2000.
Yes, it does not have the stabile history of tcpserver, but as I am trying to point out, tcpserver has less features. xinetd may well have been started before tcpserver, but tcpserver doesn't have as many features. Features have been added to xinetd later on, and bugs and security holes have followed. So there's one good reason to use tcpserver, which is security. But there's a good reason to use xinetd too, which is features. All I'm saying is that the answer to what one should choose is not definite for everyone. >> It's a real problem with all of DjB's software. It is absolutely > >reliable, > cross-platform, standards compliant and all, but "when is >qmail II > coming?" ;-) >I hope that bincimap has the same "real problem": absolutely reliable, >cross-platform, standards compliant and all:-) Yes, this is true. And as Donald Knuth said in a seminar I attended in Oslo, the only way to make a program bug free is to finish it. To keep 1.2 stable, new features must not go in, unless they of course qualify as bug fixes. But surprisingly many will rather prefer a server like xinetd for their IPv6 network or UDP server, than to use the safer tcpserver and lower their requirements. >I prefer the DJB style of very simply configuration files such as the use >of envdir over the single-point-of-configuration, mostly because of the >extreme reduction in syntax errors and the ease of machine-dependant >customization (just overwrite the necessary files) when supporting a large >number of machines. In fact, I would like to see bincimap move to the >envdir configuration format. That's an interesting opinion, and it's something we could consider for 1.3. :-) >> My opinion is that these are all tools with pros and cons, and it's no >> good to blindly throw away any of these because they "suck" or "there's >> no > reason to use it". :-) >More importantly, one should choose the tools that best suit the system >and environmental requirements. If you need IPv6 then tcpserver is not >going meet your requirements. If you need a application where services >are highy insulated from each other (or that has a blemish-free security >record), then xinetd is not going to meet your requirements. Then we certainly agree. :-) Andy -- Andreas Aardal Hanssen | http://www.andreas.hanssen.name/gpg Author of Binc IMAP | "It is better not to do something http://www.bincimap.org/ | than to do it poorly."
