Home page logo
/

bugtraq logo Bugtraq mailing list archives

FW: [gopher] UMN Gopher 3.0.6 released
From: John Goerzen <jgoerzen () complete org>
Date: Mon, 18 Aug 2003 13:57:00 -0500

Recently, a security bug in UMN gopherd was reported to this list.  However,
the submitter of this bug made no effort to notify me (the maintainer of
this program) of the bug, either before or after the discovery of the bug. 
I heard about it some time later by a bugtraq reader that submitted a bug to
Debian.

UMN gopherd has been not-really-supported since the maturity of alternative
Gopher servers such as PyGopherd and Bucktooth.  With the realization that
better servers than gopherd exist today, that gopherd needs but is not
likely to receive a thorough security audit, that gopherd has been largely
stagnant since the advent of these newer servers, and that migration paths
are available, I have decided to depricate gopherd and remove it from the
Gopher distribution, effective immediately.

All users of gopherd are advised to immediately upgrade to PyGopherd,
available from http://quux.org/devel/gopher/pygopherd.  It is important to
note that all versions of gopherd currently deployed now have known security
holes.

Thanks to UMN for their pioneering work in gopherd.  It has lasted over 11
years and inspired whole new ways of using the Internet.

UMN gopher, the curses-based gopher client, will remain part of the
distribution.

----- Forwarded message from John Goerzen <jgoerzen () complete org> -----

From: John Goerzen <jgoerzen () complete org>
Date: Mon, 18 Aug 2003 13:46:39 -0500
Reply-To: gopher () complete org
To: gopher () complete org
Subject: [gopher] UMN Gopher 3.0.6 released

Hello,

I have made the release of Gopher 3.0.6.

The big change with this version is that UMN gopherd has been removed from
the distribution.  This change was made for the following reasons:

1. Many other capable servers exist.  PyGopherd specifically supports
   UMN in an often bug-compatible way, and no development effort has been
   expended on gopherd in quite some time.

2. Security problems continue to be found in the legacy gopherd code, and
   due to the development on more modern servers, nobody has the time to
   make a comprehensive security audit of gopherd.

3. New features are more easily added to other servers, and the gopherd
   codebase thus has languished since other servers have appeared.

UMN Gopher, the Gopher client, continues to be part of the distribution.

The last version of Gopher containing gopherd is preserved on the Gopher
site at http://quux.org/devel/gopher/Downloads/old as well as the Subversion
repository.  Anyone interested in maintaining gopherd may contact me, and I
would be happy to help you fork it.

I am designating PyGopherd as the upgrade path for current users of gopherd.
There are other quality Gopher servers out there; the reason I say this is
because PyGopherd has the most complete support for UMN-style .Links, .cap,
etc. files.  PyGopherd may be obtained from
http://quux.org/devel/gopher/pygopherd.

***
*** All versions of UMN gopherd currently deployed have known security bugs
*** and users are advised to switch to PyGopherd ASAP.
***

Gopher 3.0.6 may be obtained from http://quux.org/devel/gopher.

-- John


----- End forwarded message -----


  By Date           By Thread  

Current thread:
  • FW: [gopher] UMN Gopher 3.0.6 released John Goerzen (Aug 18)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault