Date: Sat, 13 Mar 2004 21:16:39 -0600
From: John Goerzen
To: gopher@complete.org
Subject: [gopher] Re: Gopherd or pygopherd?
Message-ID: <20040314031639.GB30332@complete.org>
In-Reply-To: <20040313181126.2e064e3c.markov@monmouth.com>

On Sat, Mar 13, 2004 at 06:11:26PM -0500, Vlad D. Markov wrote:
> On Sat, 13 Mar 2004 15:03:11 -0600
> John Goerzen wrote:
> > -- John
>
> I saw the Debian folks supporting UMN Gopherd. It went GNU. They have
> made releases since taking over. Most of the work seems to be focused on
> fixing security holes. I can't say whether PyGopherd is more advanced or
> not than UMN Gopherd. I just wanted to point out that UMN Gopherd is
> still being worked on.

The "Debian folks" to which you refer are, actually, me. I do maintain
the UMN Gopher client still, but gave up on UMN Gopherd due to security
and Pygopherd (as stated before). I'm a Debian developer and maintain
the UMN Gopher distribution for Debian as well; it's the same as the UMN
Gopher tree I post on quux.org, which should be considered the state of
the art for that distribution.

> My feeling is that there will never be a perfectly secure server. Yeah,
> it's easier to make mistakes using one programming language than another
> but as long as we are human we will make an error - run it chrooted or
> in a jail if security is a real concern be it in Python or (heavens
> forbid!) assembly language.

However, I would say that chances are extremely good that there are
exploitable security holes in UMN gopherd right now. Ones that could be
exploited by anyone with access to the code. In fact, a security patch
exists in Debian woody for such a hole; if you do not use that package,
you will be running a server with a *known* hole.

Of course, you can run what you like. But consider yourself warned.

> I run one of the later releases of UMN Gopherd on a P75 with 32MB of
> memory. It works, the documentation could use improvement, and some of
> the implemented features are a trip down memory lane (eg. download via
> xmodem). If my computer is on, it's at vlamer.dyndns.org.

I don't think PyGopherd is a resource hog. It will read all your UMN
.Links, .names, .cap files, etc. All you should have to change is the
config file. Other than that, it should be a drop-in replacement. I do
recommend giving it a try.

BTW, nice site!

-- John Goerzen www.complete.org