Date: Sun, 11 Feb 2001 15:02:12 -0500 From: "Peter C. Lai" <sirmoo@cowbert.2y.net> To: "Chris Faulhaber" <jedgar@fxp.org>, "Dominic Marks" <dominic_marks@hotmail.com> Cc: <freebsd-security@freebsd.org> Subject: Re: Secure Servers (SMTP, POP3, FTP) Message-ID: <004a01c09465$86506f80$1e9e6389@137.99.156.23> References: <F55PFTg4bPYkAOt67zL00011da9@hotmail.com> <20010211074201.B1396@jive.44bsd.net>
next in thread | previous in thread | raw e-mail | index | archive | help
the code is unauditable? last time i checked, you compiled qmail from source. In fact, Mr. Bernstein has tighter restrictions on binary distribution. "You are permitted to distribute a precompiled var-qmail package if (1) installing the package produces exactly the same /var/qmail hierarchy as a user would obtain by downloading, compiling, and installing qmail-1.03.tar.gz, fastforward-0.51.tar.gz, and dot-forward-0.71.tar.gz; (2) the package behaves correctly, i.e., the same way as normal qmail+fastforward+dot-forward installations on all other systems; and (3) the package's creator warrants that he has made a good-faith attempt to ensure that the package behaves correctly. It is not acceptable to have qmail working differently on different machines; any variation is a bug. If there's something about a system (compiler, libraries, kernel, hardware, whatever) that changes qmail's behavior, then that platform is not supported, and you are not permitted to distribute binaries. " the licence is the standard artistic rights licence which says any changes prior to redistribution must be approved but that's about it. I don't see how that scheme "stinks". IIRC, eric raymond requested all changes to fetchmail to go through him before going public (several years ago). the bottom line is, comb through the code, find a flaw, make an exploit, go to Mr. Bernstein with the documentation, and claim your <insert current assigned monetary value> prize. isn't that what "auditing" is all about? ----- Original Message ----- From: "Chris Faulhaber" <jedgar@fxp.org> To: "Dominic Marks" <dominic_marks@hotmail.com> Cc: <freebsd-security@freebsd.org> Sent: Sunday, February 11, 2001 7:42 AM Subject: Re: Secure Servers (SMTP, POP3, FTP) > Mail Options: > 1. Qmail - Secure, written for FreeBSD (Qwest?), Fast, Configurable But the code is unauditable and the license stinks. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?004a01c09465$86506f80$1e9e6389>