From: Andrzej Filip (anfi@Box43.pl)
From: Andrzej Filip <anfi@Box43.pl> Date: Sat, 19 Apr 2003 10:29:00 +0000
Chris Cox wrote:
> Michael Heiming wrote:
>> I'd prefer to do this with upgrading to 8.12.9, hope there's now some
>> silence, 2 security related updates in this year should be enough.;(
> A good QA person will tell you that two problems found in rapid
> succession is NOT a good sign for the short term. My guess is
> that there are several more problems to be found in a similar
> vein as the two recent hits. Given the history of the product,
> it's likely there are more major security issues left to be
> uncovered in the mid-long term.
The two CRITICAL vulnerabilities survived MANY years undedected -
it makes the problem even worse.
> I not advocating postfix, exim or (gulp) qmail, but it might be
> a good time to explore the alternatives. Some of sendmail's
> obvious problems are caused by the ubiquity of the platform
> (popular packages get hit harder via testing and live scenarios).
> KISS products are generally a better fit whenever possible.
FYI: sendmail 9 is under development [total redesign].
-- Andrzej [pl>en: Andrew] Adam Filip http://www.polbox.com/a/anfi/ *Random epigram* : Sometimes even to live is an act of courage. -- Seneca