From owner-freebsd-security Sun May 7 1:38:26 2000 Delivered-To: freebsd-security@freebsd.org Received: from ady.warpnet.ro (ady.warpnet.ro [194.102.224.1]) by hub.freebsd.org (Postfix) with ESMTP id 6A5EF37B87C; Sun, 7 May 2000 01:38:18 -0700 (PDT) (envelope-from ady@freebsd.ady.ro) Received: from localhost (ady@localhost) by ady.warpnet.ro (8.9.3/8.9.3) with ESMTP id LAA12357; Sun, 7 May 2000 11:41:30 +0300 (EEST) (envelope-from ady@freebsd.ady.ro) Date: Sun, 7 May 2000 11:41:30 +0300 (EEST) From: Adrian Penisoara X-Sender: ady@ady.warpnet.ro To: Warner Losh Cc: Kris Kennaway , security-officer@FreeBSD.org, freebsd-security@FreeBSD.org Subject: Re: port update: mail/imap-uw from 4.7c1 to 4.7c2 In-Reply-To: <200005062225.QAA66596@harmony.village.org> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Sat, 6 May 2000, Warner Losh wrote: > In message Kris Kennaway writes: > : The alternative is reissuing advisories every time saying "whoops, the > : imap-uw port is insecure again".."now it's fixed".."oops, it's still > : insecure" > > No. Let's mark it insecure. Let's continue to update it with buffer > overflow fixes as they happen. If we go for a whole month without > getting any new ones, then we'll reevaluate then. > > In the mean time, we don't update the imap advisory beyond "it is > broken, has a poor track record and runs at elevated privs. It is > being disabled until such time as it can be trusted again." and let > the author whine all he wants. > Forgive me for redudancy, but doesn't OpenIMAPd sound good enough for a new and useful project ? Thanks, Ady (@freebsd.ady.ro) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message