On Thu, 24 Jul 2003, Jonathan Gardner wrote: > Sendmail has a bad rap because many exploits were FOUND and fixed. How many > pieces of software do you use day-to-day that have many exploits that are > still in hiding, or worse, only in the hands of the black hats? So, does > sendmail deserve its bad reputation? Or should it be called far more tested > and secured than any of its competitors? That argument might hold if sendmail's exploits were found in the distant past, but exploits continued to be fixed as early as this March. By contrast, no known remote exploits have ever been found for its major secure competitors (qmail, postfix). It looks like past performance and architectural criticisms have been disqualified with respect to sendmail. I'd turn the question around: given this we-got-the-last-bug-this-time-honest line of reasoning, is it ever possible to conclude that sendmail is insecure? Chris -- Shrike-list mailing list Shrike-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/shrike-list
