Backup tool?
Daniel Robitaille
robitaille at gmail.com
Wed Oct 13 01:07:49 UTC 2004
> I took a look at Mondo a couple of years ago when I was looking fora
> general purpose backup tool.
>
> Its specs are terrific, and I like the fact it uses afio (also a greate
> little archiver).
>
> However, the code back then was full of security holes, it regularly
> uses the system() function without checking the input.
>
Mondo is currently both in Ubuntu's universe and in Debian. On purely
theoretical point of view, if a package was so bad from a security
point of view, and if the upstream author(s) wasn't interested in
their resolution, could it lead the package to be totally dropped from
Debian/Ubuntu simply due to it's unsafe condition.
Personally I'm only an end-user and I don't have the technical
knowledge to read the C source code of a package like this one, and
judge for myself if it's still good or bad now compared to John's
experience a few years back. So I depend on knowledgable people who
will do (have done?) the auditing exercise and make sure the current
package that I can very easily install from Ubuntu's universe is safe,
or at least safer than before.
More information about the ubuntu-users
mailing list