Date: Tue, 20 Nov 2001 10:43:42 -0500 From: Carroll Kong <damascus@home.com> To: Mike Tancsa <mike@sentex.net> Cc: Mitch Collinsworth <mitch@collinsworth.info>, security@FreeBSD.ORG Subject: Re: Fwd: Vendors For WU-FTPD Please Read Message-ID: <5.1.0.14.2.20011120104126.02698ec0@netmail.home.com> In-Reply-To: <5.1.0.14.0.20011120095853.038e9280@marble.sentex.ca> References: <Pine.LNX.4.10.10111200951270.988-100000@ruby.ccmr.cornell. edu> <5.1.0.14.0.20011120093740.038e2580@marble.sentex.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
At 10:10 AM 11/20/01 -0500, Mike Tancsa wrote: >At 09:55 AM 11/20/01 -0500, Mitch Collinsworth wrote: > >>On Tue, 20 Nov 2001, Mike Tancsa wrote: >> >> > It too seems to be vulnerable to various security holes in the recent and >> > not so recent past :-( >> >>Name one thing that hasn't been. The real issue, IMO, is not >>having never had a security bug, but how quickly bugs are fixed >>and how easy it is to apply the fixes. > >qmail ? Anyways, I am not looking at either bugs or zero bugs-- just less >bugs. The stock ftpd that comes with FreeBSD has not had many holes for >example. For the boxes I help look after, there is a real cost every time >we need to upgrade the software, not to mention the risk exposure while >the hole is left unpatched. x bugs a year vs x+y is a measurable >difference for us. For larger networks this becomes even more acute of course. > > ---Mike >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-security" in the body of the message I have noticed that ncftpd seems to be a pretty solid ftpd in terms of a good security track record. Unfortunately, it costs a little bit for licensing. The stock ftpd with FreeBSD is indeed very good. Finally, I agree with Mike. When you start managing more and more boxes, it becomes a serious pain in the butt. You have to worry so much more (which is part of the job, but still), about sendmail or bind or wu-ftpd blowing up. It is nicer if you can get something that has a few less bugs to minimize this. -Carroll Kong To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5.1.0.14.2.20011120104126.02698ec0>