This was my mistake. There is a link on the openBSD site to "ports". This link is to the xBSD general repository which I mistakenly thought was the openBSD repository. The ProFTP program is part of the general repository. Sorry for the confusion.
I also assume this means that openBSD is more secured as long as what you need comes with openBSD as part of their closer reviewed distribution. Installing anything else would presumably cause the same bugs under openBSD as it would under freeBSD. openBSD code review must have been quite an impressive effort to say the least... -paul -----Original Message----- From: Matthew Gregan [mailto:[EMAIL PROTECTED] Sent: Saturday, October 30, 1999 7:54 AM To: debian-user Subject: Re: Debian Linux vs BSD On Thu, Oct 28, 1999 at 01:30:19PM -0400, Paul McHale wrote: > There is one question. They announce openBSD ships with a secure > version of ProFTP. The version appears to be older than the bug > version(s). Is there something inherently different about BSD that it > was not affected by the bug ? Where is this announcement, on the OpenBSD website? I don't know what the story is with ProFTPD in OpenBSD in regard to security, but recently on the OpenBSD mailing list, Theo de Raadt (leader of the project), stated that ProFTPD won't be secure without a complete rewrite... I'm not sure if the version in the OpenBSD distribution has been audited by the team or not, though. -- [ Matthew Gregan ] [ GPG ID: B63A1E95 ] [ [EMAIL PROTECTED] ] [ GPG fingerprint: FB83 2911 F170 B31C 9E4A E382 CA8A A2F6 B63A 1E95 ]
