On Fri, Feb 06, 2004 at 02:21:45PM +0300, Boris B. Zhmurov wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Markus Gaugusch wrote: | Comparing the complexity of the kernel with a simple thing like an FTP | daemon is not really what I call good argumentation ...
Ok, apache vs proftpd, or sendmail vs proftpd, or pptpd vs proftpd, or mysql vs proftpd, or named vs proftpd? Is that argumentation? :)
Look, there are replacement ftp servers for proftpd with whom you don't lose that much. Thus intensive efforts are not worth to be done by the security team for that product. This does not apply to the other products: - apache is _the_ web server - sendmail could be replaced in principle and is done as the default MTA, but it is a standard implementation, many people want to have - pptpd does not have the flaw in the implementation, but in the protocol; if someone wants or must use that protocol for some reason, he has to live with the problems, no replacement availlable - databases are _too_ different to easily replace mysql with alternatives, and btw. the alternatives most likely have similar problems - named like apache is _the_ standard product on its field Robert -- Robert Schiele Tel.: +49-621-181-2517 Dipl.-Wirtsch.informatiker mailto:rschiele@uni-mannheim.de