Date: Tue, 19 Dec 2017 09:26:47 -0800 (PST)
From: Roger Marquis <marquis@roble.com>
To: Adam Vande More <amvandemore@gmail.com>
Cc: FreeBSD Ports <freebsd-ports@freebsd.org>
Subject: Re: Procmail got updated!
Message-ID: <nycvar.OFS.7.76.1712190917390.95772@mx.roble.com>
In-Reply-To: <CA%2BtpaK3aGYVexJGS=o=Xk8LzmeRKfEgRdhO%2BB9JBXrqc=%2BTnLQ@mail.gmail.com>
References: <nycvar.OFS.7.76.1712190843030.95772@mx.roble.com> <CA%2BtpaK3aGYVexJGS=o=Xk8LzmeRKfEgRdhO%2BB9JBXrqc=%2BTnLQ@mail.gmail.com>

>> Can certainly sympathize depending on the threat model, but how is that
>> any different from Equifax' not having time to patch Struts or not
>> having time to change the oil in your car or to brush your teeth ...
>
> That's a non-sequitur if I understand the response correctly. Procmail IS
> patched and I assume applied. So yes mom, teeth are brushed.

Correct from a 'known risk only' perspective but isn't code that is a)
largely unauditable and b) hasn't been maintained for a long time
considered vulnerable regardless of published vulnerabilities? Perhaps
not unlike brushing your teeth only when the dentist finds a cavity, it
doesn't fundamentally change the risk model.

Roger