I just came across the latest remote root exploit for wu-ftp, which I dutifully installed on the small server I maintain. It's too bad redhat released the patch early, as it is going to be a pita for the other distributions. But accidents happen, and there's nothing to be done about it now.
That aside, I am wondering why the major distributions stick with software like wu-ftpd, which have such poor security records, when better alternatives exist, e.g.: postfix instead of sendmail proftpd instead of wu-ftpd I know these can be installed after the fact, but why aren't they part of the default install? Isn't it asking for trouble to stick with insecure software? p.s. is there a decent replacement for bind that djb doesn't own? _______________________________________________ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
