Date: Wed, 16 Jun 2004 16:13:47 -0400 From: Jim Trigg <jtrigg@spamcop.net> To: freebsd-questions@freebsd.org Subject: Re: Mail Message-ID: <20040616201347.GB29666@spamcop.net> In-Reply-To: <16592.38955.399680.399710@jerusalem.litteratus.org> References: <40D023A1.8090009@cs.uiowa.edu> <20040616140305.GD32001@millerlite.local.mark-and-erika.com> <20040616145305.GB15913@ei.bzerk.org> <40D081D1.1060606@mac.com> <16592.38955.399680.399710@jerusalem.litteratus.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Jun 16, 2004 at 02:57:47PM -0400, Robert Huff wrote:
>
> Chuck Swiger writes:
>
> > There have been around 70 security issues mentioned since the
> > beginning of sendmail-8 circa 1993, or about six per year.
> > Recently, things have gotten better, but a dispassionate
> > evaluation of the security history of sendmail does not inspire
> > any great confidence that one can set up sendmail, leave it
> > unpatched, and expect the software to still be free of known
> > remotely-exploitable security problems two years later.
>
> Would you care to nominate an inherently network-accessible
> program with such a track record? For example: 5.2.1 was released
> in late February; there are currently 12 security advisories*, of
> which I would consider at least 5 to be part of the core system.
> (As opposed to things in the base system, like BIND.)
Postfix and Exim. I found no security advisories for either on the CERT
website; that actually covers their entire lifecycles.
Jim Trigg
--
Jim Trigg, Lord High Everything Else O- /"\
\ / ASCII RIBBON CAMPAIGN
Hostmaster, Huie Kin family website X HELP CURE HTML MAIL
Verger, All Saints Church - Sharon Chapel / \
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040616201347.GB29666>