Peter Serwe wrote:
I don't see any patches to fix security problems, but I am not
prepared to believe there are no security problems. There are patches
to fix standards non-compliance (eg RFC 1870 and RFC 2821) and nobody
can distribute source with them preapplied. Instead, they must
distribute patch alone or source-plus-patch.
Well, ya know it's kinda funny. The author has had a cash prize for
anybody to find a security
hole in qmail for the better part of a decade, and as much as a lot of
people have gotten really
intimate with the qmail source code (as evidenced by the sheer number of
patches), nobody
has EVER been able to find one and claim the prize. I think that's as
close to being able to
believe there aren't any issues as any software I've ever seen.
I saw that. Who's the judge of what constitutes a security bug? You and
I are very likely to disagree in some cases, even where we agree on a
definition.
I do value standards compliance, and I think that something like:
yum install postfix spamassassin dovecote
beats downloading the source, patching, installing binaries (in /var?
really!) and taking it on myself to verify it all fits together.
_I_ don't want development tools on my mail gateway, and if I really
wanted to build from source I'd probably be using gentoo. or building
RHEL myself.
Actually, I do, sort of, on one box:-) Both.
Certainly Bill Gates would
be substantially poorer had he ever made that claim, and backed it with
cash over the same
time period.
</rant> :D
I also saw his comments re the author of postfix. OTOH, at
www.postfix.org I could find nothing bad about qmail or its author. If
Dan didn't propagate the alleged slanders, hardly anyone would know
about them.
I also saw his comments re the future of qmail:
http://cr.yp.to/qmail/future.html
--
Cheers
John
-- spambait
1aaaaaaa@xxxxxxxxxxxxxxxx Z1aaaaaaa@xxxxxxxxxxxxxxxx
Please do not reply off-list
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
