From owner-freebsd-security Tue Nov 20 7:17:14 2001 Delivered-To: freebsd-security@freebsd.org Received: from smtp1.sentex.ca (smtp1.sentex.ca [199.212.134.4]) by hub.freebsd.org (Postfix) with ESMTP id 9BF2037B417 for ; Tue, 20 Nov 2001 07:17:09 -0800 (PST) Received: from simoeon.sentex.net (pyroxene.sentex.ca [199.212.134.18]) by smtp1.sentex.ca (8.11.6/8.11.6) with ESMTP id fAKFH7g27151; Tue, 20 Nov 2001 10:17:07 -0500 (EST) (envelope-from mike@sentex.net) Message-Id: <5.1.0.14.0.20011120095853.038e9280@marble.sentex.ca> X-Sender: mdtpop@marble.sentex.ca X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Tue, 20 Nov 2001 10:10:29 -0500 To: Mitch Collinsworth From: Mike Tancsa Subject: Re: Fwd: Vendors For WU-FTPD Please Read Cc: security@FreeBSD.ORG In-Reply-To: References: <5.1.0.14.0.20011120093740.038e2580@marble.sentex.ca> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org At 09:55 AM 11/20/01 -0500, Mitch Collinsworth wrote: >On Tue, 20 Nov 2001, Mike Tancsa wrote: > > > It too seems to be vulnerable to various security holes in the recent and > > not so recent past :-( > >Name one thing that hasn't been. The real issue, IMO, is not >having never had a security bug, but how quickly bugs are fixed >and how easy it is to apply the fixes. qmail ? Anyways, I am not looking at either bugs or zero bugs-- just less bugs. The stock ftpd that comes with FreeBSD has not had many holes for example. For the boxes I help look after, there is a real cost every time we need to upgrade the software, not to mention the risk exposure while the hole is left unpatched. x bugs a year vs x+y is a measurable difference for us. For larger networks this becomes even more acute of course. ---Mike To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message