Tuesday, August 30, 2005

The proftpd saga

I'm receiving an almost endless stream of off-BTS reports about the sarge proftpd package (1.2.10-15). It is amazing to see how few people care to consult the Debian Bug Tracking System to learn about possible issues and problems with Debian packages. The old package in stable has a few gotchas (segfaults and CPU hogging) due to the mod_delay module, which stabilized only recently, about one month or so after the sarge release.

My suggestion is to use the 1.2.10-20 release on any production server if you do not want to experience DoSes and CPU consumption under heavy load. I packaged a stable backport with the needed patches and uploaded it to my own repository on people. You can also add an apt resource like:

deb http://people.debian.org/~frankie/debian/sarge/ ./

I hope a proposed update with those changes enters an upcoming point release of sarge. Incidentally, -20 also solves a couple of security issues pointed out recently by Secunia and fully disclosed since then. They will be the object of a security team update (thanks Michael Stone), due in a few.