RE: Debian Linux vs BSD
This was my mistake. There is a link on the openBSD site to "ports". This
link is to the xBSD general repository which I mistakenly thought was the
openBSD repository. The ProFTP program is part of the general repository.
Sorry for the confusion.
I also assume this means that openBSD is more secured as long as what you
need comes with openBSD as part of their closer reviewed distribution.
Installing anything else would presumably cause the same bugs under openBSD
as it would under freeBSD.
openBSD code review must have been quite an impressive effort to say the
least...
-paul
-----Original Message-----
From: Matthew Gregan [mailto:kinetik@ihug.co.nz]
Sent: Saturday, October 30, 1999 7:54 AM
To: debian-user
Subject: Re: Debian Linux vs BSD
On Thu, Oct 28, 1999 at 01:30:19PM -0400, Paul McHale wrote:
> There is one question. They announce openBSD ships with a secure
> version of ProFTP. The version appears to be older than the bug
> version(s). Is there something inherently different about BSD that it
> was not affected by the bug ?
Where is this announcement, on the OpenBSD website?
I don't know what the story is with ProFTPD in OpenBSD in regard to
security, but recently on the OpenBSD mailing list, Theo de Raadt
(leader of the project), stated that ProFTPD won't be secure without a
complete rewrite... I'm not sure if the version in the OpenBSD
distribution has been audited by the team or not, though.
--
[ Matthew Gregan ] [ GPG ID: B63A1E95 ] [ kinetik@ihug.co.nz ]
[ GPG fingerprint: FB83 2911 F170 B31C 9E4A E382 CA8A A2F6 B63A 1E95 ]
Reply to: