Date: Fri, 01 Jan 1999 19:08:59 +0100 From: sthaug@nethelp.no To: des@flood.ping.uio.no Cc: current@FreeBSD.ORG, freebesd-test@FreeBSD.ORG Subject: Re: HEADS UP: Postfix is coming. new uid, gid required. Message-ID: <26928.915214139@verdi.nethelp.no> In-Reply-To: Your message of "01 Jan 1999 18:24:01 %2B0100" References: <xzp3e5usy8e.fsf@flood.ping.uio.no>
next in thread | previous in thread | raw e-mail | index | archive | help
> One more thing: whether intended or not, by importing it into the > source tree, the Project places a stamp of approval on PostFix. Are we > ready to do that? I, for one, would *never* run PostFix, as it is > today, on a computer to which regular users have shell access. I, for one, would never run *sendmail* on a computer where regular users have shell access. I put considerably more trust in postfix, even at this stage, than sendmail with its known past riddled with security holes. If I had to make a list of "trust" in mailers, it would currently have to be: 1. qmail 2. postfix 3. sendmail > If you > don't understand what I mean, read BUGTRAQ, and try the various > attacks described for yourself. Wietse Venema can't keep handwaving > those holes for much longer. If you've followed the discussion, you know that you have an alternative in the latest Postfix version, namely a setgid program instead of a world writable directory. > So please, *please* keep PostFix out of the source tree until we're > absolutely certain it's mature enough, and until the FreeBSD community > have accumulated enough experience with running PostFix on FreeBSD. I would be happy to have postfix in the source tree. Steinar Haug, Nethelp consulting, sthaug@nethelp.no To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?26928.915214139>