The List has returned! [x-adr]

Scott Smith scott at roadtoad.net
Thu Jul 31 20:33:22 CDT 2003 

While it may or may not be a good point that Qmail has had a small 
amount or no reported security issues with Qmail lately, you also have 
to take into consideration the response time a developer has in 
announcing and fixing security issues.

Because if ya don't I'm gonna have to start looking up Linux security 
announcements, and since I think it's safe to say you use Linux on some 
regular basis, your point will then be moot.  Wait, it already is...

Scott

Garrett Goebel wrote:

> Gerald Combs wrote:
> > On Thu, 31 Jul 2003, Frank Wiles wrote:
> > >
> > > Also, the days when Sendmail was a big security risk are
> > > pretty much gone.  Yes I will admit it has had a checkered
> > > past, but honestly how many Sendmail specific security
> > > holes have there been in the last year?
> >
> > According to cve.mitre.org, there have been several:
> >
> >   http://www.cve.mitre.org/cgi-bin/cvekey.cgi?keyword=sendmail
> >
>
> And how many in qmail? Zero.
>
> While his own license is fairly open (more open than Netscape's was 
> when RedHat was distributing its binaries)... its pretty obvious DJB 
> has something against gnu and open source licenses. I wonder what it 
> is? Loss of control over _his_ code? Does anyone know of anything he's 
> written directly on this point?
>
> Compile from source distributions like Gentoo are practially 
> unrestricted by DJB's licensing terms. He does explicitly allow you to 
> download and compile his source. And makes explicit your rights to do 
> whatever you want with it thereafter 
> (http://cr.yp.to/softwarelaw.html). As far as I've read, he just won't 
> allow modified binaries.
>
> It just seems kind of sad that you wind up with multiple series of 
> patches against qmail... like some throw-back to minix. That will take 
> you only so far.
>
> -- 
> Garrett Goebel
> IS Development Specialist
>
> ScriptPro                  Direct: 913.403.5261
> 5828 Reeds Road            Main:   913.384.1008
> Mission, KS 66202          Fax:    913.384.2180
> www.scriptpro.com          garrett at scriptpro dot com
>

More information about the Kclug mailing list