From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from jazzband.ncsc.mil (jazzband.ncsc.mil [144.51.5.4]) by tycho.ncsc.mil (8.9.3/8.9.3) with ESMTP id GAA24757 for ; Fri, 16 Mar 2001 06:38:23 -0500 (EST) Received: from jazzband.ncsc.mil (localhost [127.0.0.1]) by jazzband.ncsc.mil with ESMTP id LAA08761 for ; Fri, 16 Mar 2001 11:38:21 GMT Received: from ecstasy.ksu.ru (ecstasy.ksu.ru [193.232.252.41]) by jazzband.ncsc.mil with ESMTP id LAA08757 for ; Fri, 16 Mar 2001 11:38:15 GMT Message-ID: <3AB1F827.3010308@ksu.ru> Date: Fri, 16 Mar 2001 14:25:27 +0300 From: Pedro Rosa MIME-Version: 1.0 To: Kurth Bemis CC: selinux@tycho.nsa.gov Subject: Re: Secure? References: <4.3.2.7.2.20010315083635.02bb5068@mail.usaexpress.net> Content-Type: text/plain; charset=us-ascii; format=flowed Sender: owner-selinux@tycho.nsa.gov List-ID: Kurth Bemis wrote: > isn't the point of NSA ESL to be secure? If so why are you using > something that is buggier than netscape code?? I referring to > wu-FTP. why not put efforts toward something that is already secure > (like OpenBSD)? Is there some reason that i'm missing as to why you > choosing this route? > > ~kurth > > > -- > You have received this message because you are subscribed to the > selinux list. > If you no longer wish to subscribe, send mail to > majordomo@tycho.nsa.gov with > the words "unsubscribe selinux" without quotes as the message. > > Apart of that stupid OS-war call (I have nothing against OpenBSD and even use it in some servers btw), the question has some base... WuFTP has been plagued by bugs and security holes for quite long. And on the NSA's site this program has also the mark "untested". Frankly why to set efforts in a program that seems conceptually flawed? Or is there a "light in the end of the tunnel" for WuFTP's troubles? Shouldn't we consider other ftp daemons? Or if we realise that FTP protocol is flawed from start, to choose other protocols? Frankly I would like to see a more clear position about this question as the presence of WuFTP is probably the most questionable program in selinux. Not only in technical terms but also it arises questions in the concept itself. Ektanoor -- You have received this message because you are subscribed to the selinux list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.