Date: Wed, 16 Jun 2004 16:13:47 -0400 From: Jim Trigg <jtrigg@spamcop.net> To: freebsd-questions@freebsd.org Subject: Re: Mail Message-ID: <20040616201347.GB29666@spamcop.net> In-Reply-To: <16592.38955.399680.399710@jerusalem.litteratus.org> References: <40D023A1.8090009@cs.uiowa.edu> <20040616140305.GD32001@millerlite.local.mark-and-erika.com> <20040616145305.GB15913@ei.bzerk.org> <40D081D1.1060606@mac.com> <16592.38955.399680.399710@jerusalem.litteratus.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Jun 16, 2004 at 02:57:47PM -0400, Robert Huff wrote: > > Chuck Swiger writes: > > > There have been around 70 security issues mentioned since the > > beginning of sendmail-8 circa 1993, or about six per year. > > Recently, things have gotten better, but a dispassionate > > evaluation of the security history of sendmail does not inspire > > any great confidence that one can set up sendmail, leave it > > unpatched, and expect the software to still be free of known > > remotely-exploitable security problems two years later. > > Would you care to nominate an inherently network-accessible > program with such a track record? For example: 5.2.1 was released > in late February; there are currently 12 security advisories*, of > which I would consider at least 5 to be part of the core system. > (As opposed to things in the base system, like BIND.) Postfix and Exim. I found no security advisories for either on the CERT website; that actually covers their entire lifecycles. Jim Trigg -- Jim Trigg, Lord High Everything Else O- /"\ \ / ASCII RIBBON CAMPAIGN Hostmaster, Huie Kin family website X HELP CURE HTML MAIL Verger, All Saints Church - Sharon Chapel / \
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040616201347.GB29666>