Date: Wed, 16 Jun 2004 14:57:47 -0400 From: Robert Huff <roberthuff@rcn.com> To: freebsd-questions@freebsd.org Subject: Re: Mail Message-ID: <16592.38955.399680.399710@jerusalem.litteratus.org> In-Reply-To: <40D081D1.1060606@mac.com> References: <40D023A1.8090009@cs.uiowa.edu> <20040616140305.GD32001@millerlite.local.mark-and-erika.com> <20040616145305.GB15913@ei.bzerk.org> <40D081D1.1060606@mac.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Chuck Swiger writes: > There have been around 70 security issues mentioned since the > beginning of sendmail-8 circa 1993, or about six per year. > Recently, things have gotten better, but a dispassionate > evaluation of the security history of sendmail does not inspire > any great confidence that one can set up sendmail, leave it > unpatched, and expect the software to still be free of known > remotely-exploitable security problems two years later. Would you care to nominate an inherently network-accessible program with such a track record? For example: 5.2.1 was released in late February; there are currently 12 security advisories*, of which I would consider at least 5 to be part of the core system. (As opposed to things in the base system, like BIND.) Robert Huff * - see "http://www.freebsd.org/releases/5.2.1R/relnotes-i386.html#SECURITY"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?16592.38955.399680.399710>