Package: harden-servers
Version: 0.1.17
Meta-package harden-servers conflicts package vsftpd. Since version >=2,
vsftpd now supports ssl, so passwords are no more sent in cleartext form.
Package harden-servers doesn't conflict the ftpd-ssl because of this same
reason, so now harden-servers should accept vsftpd as a possible secure ftp
alternative. Furthermore, vsftpd has features which the ftpd-ssl daemon
doesn't support since it's just a netkit ftp: different ways to
enforce/restrict anonymous users, chroot environments, built-in commands
(like "ls"). Thus, harden-servers implies that ftpd-ssl is more secure than
vsftpd, which is currently probably not true.
The fix should be trivial (conflict vsftpd less than version 2), but
unfortunately too late to get into sarge, I guess :( Still, it's nothing a
knowledgeable sysadmin can live without.
Best Regards,
Vassil Dichev
_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today it's FREE!
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
