On Sun, Jun 20, 2004 at 02:48:28PM -0500, Jeff Vian wrote: > Rui Miguel Seabra wrote: > >On Sun, 2004-06-20 at 16:00 +0200, Alexander Dalloz wrote: > >>Am So, den 20.06.2004 schrieb Rui Miguel Seabra um 15:41: > >> > >> > >>>proftpd has historically had many security problems (probably due to the > >>>many more features). > >>> > >>> > >>Which software not? .... > > > >FTP is in the same class as TELNET... obsolete, redundant, less secure, > >etc... :) .... To some extent it is important to not be black and white on this stuff. Almost all of the interesting tools have had serious security bugs. At one point ssh had a bug serious enough that many sites switched to telnet for the couple weeks that it took to get the bug fixed and new versions distributed. The point is that "system" managers should consider their choices and be moderately ready to substitute one less interesting package for the nifty new package. In making setup decisions or package selection consider the impact of turning one off and another on and back. When a unique feature is turned on try and understand if that paints you in a corner should you need to switch to a lesser package in the future. This modern open source world gives us choices and that is way cool. -- T o m M i t c h e l l /dev/null the ultimate in secure storage.
