From owner-freebsd-questions@FreeBSD.ORG Wed Jun 16 20:13:51 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6BBF416A4CE for ; Wed, 16 Jun 2004 20:13:51 +0000 (GMT) Received: from argent.heraldsnet.org (argent.heraldsnet.org [64.83.41.80]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2ADA843D31 for ; Wed, 16 Jun 2004 20:13:51 +0000 (GMT) (envelope-from jtrigg@spamcop.net) Received: by argent.heraldsnet.org (Postfix, from userid 1001) id 2593835E; Wed, 16 Jun 2004 16:13:47 -0400 (EDT) Date: Wed, 16 Jun 2004 16:13:47 -0400 From: Jim Trigg To: freebsd-questions@freebsd.org Message-ID: <20040616201347.GB29666@spamcop.net> Mail-Followup-To: freebsd-questions@freebsd.org References: <40D023A1.8090009@cs.uiowa.edu> <20040616140305.GD32001@millerlite.local.mark-and-erika.com> <20040616145305.GB15913@ei.bzerk.org> <40D081D1.1060606@mac.com> <16592.38955.399680.399710@jerusalem.litteratus.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <16592.38955.399680.399710@jerusalem.litteratus.org> User-Agent: Mutt/1.4.2.1i X-Habeas-SWE-1: winter into spring X-Habeas-SWE-2: brightly anticipated X-Habeas-SWE-3: like Habeas SWE (tm) X-Habeas-SWE-4: Copyright 2002 Habeas (tm) X-Habeas-SWE-5: Sender Warranted Email (SWE) (tm). The sender of this X-Habeas-SWE-6: email in exchange for a license for this Habeas X-Habeas-SWE-7: warrant mark warrants that this is a Habeas Compliant X-Habeas-SWE-8: Message (HCM) and not spam. Please report use of this X-Habeas-SWE-9: mark in spam to . Subject: Re: Mail X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 16 Jun 2004 20:13:51 -0000 On Wed, Jun 16, 2004 at 02:57:47PM -0400, Robert Huff wrote: > > Chuck Swiger writes: > > > There have been around 70 security issues mentioned since the > > beginning of sendmail-8 circa 1993, or about six per year. > > Recently, things have gotten better, but a dispassionate > > evaluation of the security history of sendmail does not inspire > > any great confidence that one can set up sendmail, leave it > > unpatched, and expect the software to still be free of known > > remotely-exploitable security problems two years later. > > Would you care to nominate an inherently network-accessible > program with such a track record? For example: 5.2.1 was released > in late February; there are currently 12 security advisories*, of > which I would consider at least 5 to be part of the core system. > (As opposed to things in the base system, like BIND.) Postfix and Exim. I found no security advisories for either on the CERT website; that actually covers their entire lifecycles. Jim Trigg -- Jim Trigg, Lord High Everything Else O- /"\ \ / ASCII RIBBON CAMPAIGN Hostmaster, Huie Kin family website X HELP CURE HTML MAIL Verger, All Saints Church - Sharon Chapel / \