Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 20 Nov 2001 10:43:42 -0500
From:      Carroll Kong <damascus@home.com>
To:        Mike Tancsa <mike@sentex.net>
Cc:        Mitch Collinsworth <mitch@collinsworth.info>, security@FreeBSD.ORG
Subject:   Re: Fwd: Vendors For WU-FTPD Please Read
Message-ID:  <5.1.0.14.2.20011120104126.02698ec0@netmail.home.com>
In-Reply-To: <5.1.0.14.0.20011120095853.038e9280@marble.sentex.ca>
References:  <Pine.LNX.4.10.10111200951270.988-100000@ruby.ccmr.cornell. edu> <5.1.0.14.0.20011120093740.038e2580@marble.sentex.ca>

next in thread | previous in thread | raw e-mail | index | archive | help
At 10:10 AM 11/20/01 -0500, Mike Tancsa wrote:
>At 09:55 AM 11/20/01 -0500, Mitch Collinsworth wrote:
>
>>On Tue, 20 Nov 2001, Mike Tancsa wrote:
>>
>> > It too seems to be vulnerable to various security holes in the recent and
>> > not so recent past :-(
>>
>>Name one thing that hasn't been.  The real issue, IMO, is not
>>having never had a security bug, but how quickly bugs are fixed
>>and how easy it is to apply the fixes.
>
>qmail ?  Anyways, I am not looking at either bugs or zero bugs-- just less 
>bugs.  The stock ftpd that comes with FreeBSD has not had many holes for 
>example.  For the boxes I help look after, there is a real cost every time 
>we need to upgrade the software, not to mention the risk exposure while 
>the hole is left unpatched.  x bugs a year vs x+y is a measurable 
>difference for us.  For larger networks this becomes even more acute of course.
>
>         ---Mike
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-security" in the body of the message

I have noticed that ncftpd seems to be a pretty solid ftpd in terms of a 
good security track record.  Unfortunately, it costs a little bit for 
licensing.  The stock ftpd with FreeBSD is indeed very good.

Finally, I agree with Mike.  When you start managing more and more boxes, 
it becomes a serious pain in the butt.  You have to worry so much more 
(which is part of the job, but still), about sendmail or bind or wu-ftpd 
blowing up.  It is nicer if you can get something that has a few less bugs 
to minimize this.



-Carroll Kong


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5.1.0.14.2.20011120104126.02698ec0>