On Thu, 24 Jul 2003, Brian Ashe wrote: > On Thursday July 24, 2003 02:06, Christopher Wong wrote: > > It looks like past performance and architectural criticisms have been > > disqualified with respect to sendmail. I'd turn the question around: given > > this we-got-the-last-bug-this-time-honest line of reasoning, is it ever > > possible to conclude that sendmail is insecure? > > So your logic holds that if there are a lot of released security issues over a > period of time, that the software is of less quality and diminished value > regardless of how it performs it's normal functions? > > So then by this logic we should check to see how many reported security issues > Sendmail has had and what other components are similar so we can all stop > using them... (long post about other software exploits) The difference is that in the case of sendmail, we have comparable substitutes with 100% perfect security history, even as sendmail exploits continue to appear. But my question remains unanswered: "given this we-got-the-last-bug-this-time-honest line of reasoning, is it ever possible to conclude that sendmail is insecure?" For sendmail defenders, I suspect that the answer is "no", regardless of the real condition of sendmail. Chris -- Shrike-list mailing list Shrike-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/shrike-list
