Re: sendmail

From: Andrzej Filip (anfi@Box43.pl)
Date: 04/19/03


From: Andrzej Filip <anfi@Box43.pl>
Date: Sat, 19 Apr 2003 10:29:00 +0000

Chris Cox wrote:
>
> Michael Heiming wrote:
> ...
>> I'd prefer to do this with upgrading to 8.12.9, hope there's now some
>> silence, 2 security related updates in this year should be enough.;(
>
> A good QA person will tell you that two problems found in rapid
> succession is NOT a good sign for the short term. My guess is
> that there are several more problems to be found in a similar
> vein as the two recent hits. Given the history of the product,
> it's likely there are more major security issues left to be
> uncovered in the mid-long term.

The two CRITICAL vulnerabilities survived MANY years undedected -
it makes the problem even worse.

> I not advocating postfix, exim or (gulp) qmail, but it might be
> a good time to explore the alternatives. Some of sendmail's
> obvious problems are caused by the ubiquity of the platform
> (popular packages get hit harder via testing and live scenarios).
> KISS products are generally a better fit whenever possible.

FYI: sendmail 9 is under development [total redesign].

-- 
Andrzej [pl>en: Andrew] Adam Filip http://www.polbox.com/a/anfi/
*Random epigram* :
Sometimes even to live is an act of courage.
	-- Seneca