On Wed, 2002-10-02 at 16:09, Vox wrote: > "David Guntner" <[EMAIL PROTECTED]> writes: > > > In the list of packages, I couldn't help but notice that wuftpd is not > > being made available. Does anyone know any particular reasons that that > > package has been omitted? It's what I'm currently using, but I'd sure hate > > to miss a security update because the rpm won't be showing up in the 9.0 > > security updates normal locations on the FTP mirrors. > > wu-ftpd has a looong history of bad security, so the mdk people has > (wisely, IMNSHO) chosen to use proftpd. But wu-ftpd does seem to be > in cooker, so...they may just have gotten rid of it on the release > ISOs.
Yes it's had some real problems but to be honest most of those are associated with anonymous ftp and wuftp not just wuftpd..... proftpd doesn't really get around the main problem (IMIO) with ftp... it works in the clear. sFTP and scp are a lot more secure but don't provide all the features you need. The reason again in my ingnorant opinion, that wuftp has gotten such a bad wrap is that few take the time to set it up they just run it out of the box. anonftp with wuftp is the same as sending out open invitations to your computer..... UNLESS you take the time to button it up. I've got a box that's been running these two for 3 years and ..... no cracks have been successful. But some of the things I've done are a bit strange (pub is read only and incoming is write only for example) it is also chrooted runs as a non-priviliedged user from the get go, and doesn't allow tar gzip or compiling. (untar and ungzip are also verboten) This took some heavy reading and a lot of asking people .... Hey would you try to crack this via ftp for me? Proftpd and pureftpd don't come set up to run... they really do demand that you configure them.... wuftp should be the same.... but it isn't. > > > > > I also noted at one point it announced that to allow upgrading, it was > > going to remove several packages and asked if I really wanted to do that. > > I said "no" at the time because I couldn't see any reason for removing > > those packages. Anyone at Mandrake reading this list (or anyone else, for > > that matter) know if I should have actally let it do so? If so, I suppose > > I can always start it back up with "update packages" and this time let it > > do that when it brings the message up. Any reason to *not* leave the > > packages in place that a "update packages" wanted to remove? > > Any C++ package that you leave from your old install will not > work. And you probably won't get the rest of the stuff upgraded > because of that. > > Vox > > -- > Pain is the gift of the gods, and I'm the one they chose as their messenger.... > For info on safety in the BDSM lifestyle http://www.the-vox.com > > Think of the Linux community as a niche economy isolated by its beliefs. Kind > of like the Amish, except that our religion requires us to use _higher_ > technology than everyone else. -- Donald B. Marti Jr. > > ---- > > Want to buy your Pack or Services from MandrakeSoft? > Go to http://www.mandrakestore.com
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
