[gopher] Re: Gopherd or pygopherd?

To: gopher@complete.org
Subject: [gopher] Re: Gopherd or pygopherd?
From: John Goerzen <jgoerzen@complete.org>
Date: Sat, 13 Mar 2004 21:16:39 -0600
Message-id: <[🔎] 20040314031639.GB30332@complete.org>
Reply-to: gopher@complete.org
In-reply-to: <[🔎] 20040313181126.2e064e3c.markov@monmouth.com>
References: <[🔎] Pine.LNX.4.58.0403131538400.3779@tanatos> <[🔎] 20040313210311.GA10755@complete.org> <[🔎] 20040313181126.2e064e3c.markov@monmouth.com>

On Sat, Mar 13, 2004 at 06:11:26PM -0500, Vlad D. Markov wrote:
> On Sat, 13 Mar 2004 15:03:11 -0600
> John Goerzen <jgoerzen@complete.org> wrote:
> > -- John
> > 
> I saw the Debian folks supporting UMN Gopherd. It went GNU. They have
> made releases since taking over. Most of the work seems to be focused on
> fixing security holes. I can't say whether PyGopherd is more advanced or
> not than UMN Gopherd. I just wanted to point out that UMN Gopherd is
> still being worked on.

The "Debian folks" to which you refer are, actually, me.  I do maintain
the UMN Gopher client still, but gave up on UMN Gopherd due to security
and Pygopherd (as stated before).  I'm a Debian developer and maintain
the UMN Gopher distribution for Debian as well; it's the same as the UMN
Gopher tree I post on quux.org, which should be considered the state of
the art for that distribution.

> My feeling is that there will never be a perfectly secure server. Yeah,
> its easier to make mistakes using one programming language than another
> but as long as we are human we will make an error - run it chrooted or
> in a jail if security is a real concern be it in Python or (heavens
> forbid!) assembly language.

However, I would say that chances are extremely good that there are
exploitable security holes in UMN gopherd right now.  Ones that could be
exploited by anyone with access to the code.  In fact, a security patch
exists in Debian woody for such a hole; if you do not use that package,
you will be running a server with a *known* hole.

Of course, you can run what you like.  But consider yourself warned.

> I run one of the later releases of UMN Gopherd on a P75 with 32MB of
> memory. It works, the documentation could use improvement, and some of
> the implemented features are a trip down memory lane (eg. download via
> xmodem). If my computer is on, its at vlamer.dyndns.org.

I don't think PyGopherd is a resource hog.  It will read all your UMN
.Links, .names, .cap files, etc.  All you should have to change is the
config file.  Other than that, it should be a drop-in replacement.  I do
recommend giving it a try.

BTW, nice site!

-- 
John Goerzen <jgoerzen@complete.org>                       www.complete.org

Reply to:

Follow-Ups:
- [gopher] Re: Gopherd or pygopherd?
  - From: John Goerzen <jgoerzen@complete.org>

References:
- [gopher] Gopherd or pygopherd?
  - From: Alessandro Selli <dhatarattha@route-add.net>
- [gopher] Re: Gopherd or pygopherd?
  - From: John Goerzen <jgoerzen@complete.org>
- [gopher] Re: Gopherd or pygopherd?
  - From: "Vlad D. Markov" <markov@monmouth.com>

Prev by Date: [gopher] Re: Gopherd or pygopherd?
Next by Date: [gopher] Re: Gopherd or pygopherd?
Previous by thread: [gopher] Re: Gopherd or pygopherd?
Next by thread: [gopher] Re: Gopherd or pygopherd?
Index(es):
- Date
- Thread