On Fri, 6 Feb 2004, Henry Baragar wrote: >Did you see the article on Dovecot in this month's Sys Admin Magazine >(http://www.samag.com/articles/2004/0402/) on Network Security? Its a >shame that bincIMAP was not featured instead since I am more comfortable >with its security model than the one designed for Dovecot (and security >was the theme of the issue).
Yes, a shame indeed. A couple of thoughts about Dovecot. Dovecot claims security, and some admins like this. Seems technical journalists do anyway ;-). Claiming security is pointless and dangerous. It invites admins who require a rock solid server to make the wrong choice. I'm not saying Dovecot is insecure, but there is nothing with Dovecot that backs up the "secure imap server" claim, any more than Cyrus, Courier-IMAP and Binc IMAP. In fact, Dovecot is developing the same way that Courier-IMAP did (need a feature? o-kay! need a pop server? o-kay!) and I see no reason to believe that it'll end up any better. One of Dovecot's greatest features, which attracts the most users from what I can tell, is its mbox (unix spool) support. Unfortunately this also seems to be one of the most frequently broken features of Dovecot. I'm not claiming anything here, that's not my style. Just look up the archives on Dovecot and see how many times Timo's rewritten stuff from scratch. The next most popular feature of Dovecot is indexing support. Now look up the archives and look for the term "+index +corrupt" ;-). >I am considering writing a letter to Sys Admin to promote the features of >bincIMAP. Does anybody else have any thoughts about how we can raise the >awareness of bincIMAP, particularly with respect to security? I'm working on a rewrite of the web pages. Binc IMAP will profile itself more clear than today, but still with the same message, appealing to administrators' common sense rather than gullible buzzloving. Numbers instead of claims, facts instead of fiction. Unique features of Binc IMAP that could be promoted are the devotion to proper design, the restricted release cycle, the openness, readability and cleanliness of the code, and the goals about proper treatment of its wonderful community. As author, I have no focus on stealing Cyrus/Dovecot/Courier-IMAP/uw-imap admins and converting them to Binc IMAP. What I do have a focus on is to provide a rock solid, simple to use IMAP server that just works, and works the way it should work. Andy :-) can't stand empty big talk.. -- Andreas Aardal Hanssen | http://www.andreas.hanssen.name/gpg Author of Binc IMAP | "It is better not to do something http://www.bincimap.org/ | than to do it poorly."
