Hi Kevin,

On Thursday, November 29, 2001, 1:10:12 AM, you babbled something about:

KM> That aside, I am wondering why the major distributions stick with
KM> software like wu-ftpd, which have such poor security records, when
KM> better alternatives exist, e.g.:

Licenses, commonality, familiarity, stuff like that. License being one of the most important.

KM> postfix instead of sendmail

Sendmail is the most common mail server available. There is no lack of documentation. It has also been doing "better" than in the past. Postfix also just had a significant DoS against it as well, and with its increasing popularity, it may soon see more action on that front. Though I like it, I still tend to stick with Sendmail.

Postfix also is not GPL. It is under the IBM Public License. If you read it, you could see that there are certain provisions for commercial distribution. While they wouldn't stop you from distributing it, there are some interesting clauses that lawyers may be able to use against someone. Though I would not know how chancy that is, RH (and others) may have lawyers that recommend against it.

KM> proftpd instead of wu-ftpd

I agree here completely. It is GPL. It is easier to configure. And WU has just never gotten this thing right. Mandrake Linux has started shipping this as the default. I hope RH follows that one.

KM> I know these can be installed after the fact, but why aren't they part
KM> of the default install? Isn't it asking for trouble to stick with
KM> insecure software?

It is much more trouble to face license and other legal issues. The GPL protects from most legal action (like most other licenses do) and has no restrictions on distribution. If you follow OpenBSD at all, you would see that they are pulling packages out of their system and out of their "ports" collections for license issues left and right. It is really getting much trickier to do all this stuff now that Linux is so in the public eye and there are companies that would quickly rat a distro out for violations if they think it would hurt Linux's stance in the market.
Plus when was the last time you saw M$ get hurt by including insecure software? It also works for Linux sometimes (like wu-ftpd, sendmail, etc.).

KM> p.s. is there a decent replacement for bind that djb doesn't own?

IMHO, Bind 9 hasn't seemed too bad. It is actually a complete rewrite and they took their time to make it. Since it is running all of the biggest name servers on the net, I think they are finally taking it seriously. Especially since they were paid to make sure that it should be secure.

Have fun,
--
Brian Ashe, CTO
[EMAIL PROTECTED]
Dee-Web Software Services, LLC.
http://www.dee-web.com/

You don't have to swim faster than the shark...
You just have to swim faster than the people you're with.

_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list