Paul Robinson paul at
Fri Feb 8 12:45:49 GMT 2002

On Feb  8, Dominic Marks <dominic_marks at> wrote:

> I *strongly* suggest you don't use wu-ftpd. It's security record is
> diabolical.

There are two opinions on this - that bad security history means you
shouldn't run that code, or that it means you *should* run it. The fact that
a daemon has had a poor security history is typically a good sign if nothing
has been found recently - when you get a few holes in a piece of code
reported to BUGTRAQ the code gets a good going-over from various clueful
people and then if you get a rush of vulns reported you know people are
doing something with it. Eventually, you end up with a relatively well
audited piece of code. That's why you can be relatively sure you're going to
be OK with sendmail, bind and apache these days. wu-ftpd should be fine 
these days from a security point of view, but I don't run it because it 
sucks. *That's* justification for not using it. :-)

Paul Robinson

More information about the Ukfreebsd mailing list