On Thu, 2003-09-25 at 18:31, Vincent Danen wrote: > On Thu Sep 25, 2003 at 11:13:04PM +0200, Han Boetes wrote: > > > > > Can't we dump wu-ftpd? I mean there are lots of more secure > > > > alternatives and this daemon still has regular exploits. > > > > > > wu-ftpd is only in contribs > > > > Ok, that's in the good direction. Lets take it a step further. :) > > > > I mean someone gets a 9.1 cd, installs wu-ftpd and forgets to run updates. You > > can predict that by the time 9.2 is released a working exploit has been found. > > > > You can nearly be sure that any contrib cd will contain a package that will > > result in remote root exploits if you install them a half year after the release > > date. > > > > You can't be sure about that for any other rpm. > > > > I say lets dump wu-ftpd completely from the distro. I don't want to make it too > > easy for users to shoot themselves in the foot. > > Heck, I'm all for it and agree with all your reasons. But the example is a > touch out... wu-ftpd hasn't been in main since 8.2 (last version it shipped > in main). > > Hey, while we're at it, can we throw sendmail in contribs? =) > > (Serious about killing wu-ftpd altogether, semi-serious about sendmail)
I think that both are super excellent ideas; pure-ftp should definitely be the default, for many reasons, but if only because of it's infinitely better security. For the opposite reason of insecurity I also agree with you on sendmail; it should be a go getter. LX -- ����������������������������������������������� Linux Mandrake 9.1 Kernel 2.4.21-0.13mdk *Catch Star Trek Enterprise, Wednesdays on UPN* ������������������������������������������������
