Control: severity -1 grave
Since the maintainer has orphaned this package [1] and therefore this
package is maintained by Debian in general, I'm resetting the bug
severity since I agree with the reporter that this is a RC issue.
Thanks,
Jeremy Bicha
Hello,
To summarize :
1) This reverts an expected and accepted behavior in the Debian community where
daemons should start when installed with an adequate and secure configuration.
Other ftpd packages like pure-ftpd, twoftpd, tftpd-hpa and muddleftpd among
other all do start upon install.
2)
Hi,
my hints about that:
the comparison between Apache and vsftpd isn't possible. Vsftpd give
access to the local user and can so used for attacks to get local
access. Especially if there are a open IPV6 port. Which is on mostly
systems not well configured.
And at times where git: must replace
Hi!
> I must disagree. First of all, it is an accepted policy that daemons
> on Debian do start upon installation of the package.
Indeed. It's the case for Apache, too, for example.
However, upstream, can't seem to agree on the default values either.
>From the manpage from the upstream
Hello,
Le 31/03/2016 06:04, Jörg Frings-Fürst a écrit :
> severity 819546 normal
> thanks
>
> Hello Louis,
>
> thank you for spending your time helping to make Debian better with
> this bug report.
>
> I think that no configuration of vsftpd should be activated without
> verification.
>
> FTP
severity 819546 normal
thanks
Hello Louis,
thank you for spending your time helping to make Debian better with
this bug report.
I think that no configuration of vsftpd should be activated without
verification.
FTP is also not a service that is absolutely necessary immediately
after a new
Package: vsftpd
Version: 3.0.3-3
Severity: grave
Justification: renders package unusable
Dear Maintainer,
Bug #803999 sets listen_ipv6=NO as stated in the manpage. In doing so, it
breaks the systemd unit vsftpd which tries to do the following :
ExecStart=/usr/sbin/vsftpd /etc/vsftpd.conf
7 matches
Mail list logo