On Thu Sep 25, 2003 at 11:13:04PM +0200, Han Boetes wrote:

> > > Can't we dump wu-ftpd? I mean there are lots of more secure
> > > alternatives and this daemon still has regular exploits.
> >
> > wu-ftpd is only in contribs
>
> Ok, that's in the good direction. Let's take it a step further. :)
>
> I mean someone gets a 9.1 cd, installs wu-ftpd and forgets to run updates. You
> can predict that by the time 9.2 is released a working exploit has been found.
>
> You can nearly be sure that any contrib cd will contain a package that will
> result in remote root exploits if you install them a half year after the release
> date.
>
> You can't be sure about that for any other rpm.
>
> I say let's dump wu-ftpd completely from the distro. I don't want to make it too
> easy for users to shoot themselves in the foot.

Heck, I'm all for it and agree with all your reasons. But the example is a touch out... wu-ftpd hasn't been in main since 8.2 (last version it shipped in main).

Hey, while we're at it, can we throw sendmail in contribs? =)

(Serious about killing wu-ftpd altogether, semi-serious about sendmail)

--
MandrakeSoft Security; http://www.mandrakesecure.net/
Online Security Resource Book; http://linsec.ca/
"lynx -source http://linsec.ca/vdanen.asc | gpg --import"
{FE6F2AFD : 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD}
