On Thu, 2003-07-24 at 13:06, Christopher Wong wrote:
> On Thu, 24 Jul 2003, Jonathan Gardner wrote:
> > Sendmail has a bad rap because many exploits were FOUND and fixed. How many
> > pieces of software do you use day-to-day that have many exploits that are
> > still in hiding, or worse, only in the hands of the black hats? So, does
> > sendmail deserve its bad reputation? Or should it be called far more tested
> > and secured than any of its competitors?
>
> That argument might hold if sendmail's exploits were found in the distant
> past, but exploits continued to be fixed as early as this March. By
> contrast, no known remote exploits have ever been found for its major
> secure competitors (qmail, postfix).
>
> It looks like past performance and architectural criticisms have been
> disqualified with respect to sendmail. I'd turn the question around: given
> this we-got-the-last-bug-this-time-honest line of reasoning, is it ever
> possible to conclude that sendmail is insecure?
>
> Chris
>

While not discussing technical merits, the following fact alone would keep it
out of Red Hat's distribution because it restricts your (and Red Hat's) freedom
to modify and redistribute modifications. Who the hell wants to wait for his
"approval"...and what if he doesn't give it?

"If you want to distribute modified versions of qmail (including ports, no
matter how minor the changes are) you'll have to get my approval."

Excerpt taken from http://cr.yp.to/qmail/dist.html

That sounds like vendor lock-in to me!

Just my $0.02 worth.