Han Boetes wrote:
> Vincent Danen <[EMAIL PROTECTED]> wrote:
>
>>We can't just throw stuff out the window because it has a hole today
>>and has had one over a year or two years ago. That's just silly. Why
>>aren't we jumping up and down about ditching php? Or apache? Or cups?
>>Or XFree86? Or bind? Or openldap? The list goes on. All of those have
>>been updated within the last 1-2 years as well, some many many times.
>
> It's also about the magnitude of the hole. How big are the chances they
> will be found again. The recent ssh-hole was technically speaking a
> remote crash, not nice but nothing dramatic. You still have to patch it
> but that's something I can live with.
> On the other hand a remote root is a remote root and that is something
> I really would like to avoid.
>
> Once more. The size of the hole is more important than how often people
> require you to patch.

Well, then by its history over the past year, sendmail should be the first kicked out the distro (3 potential remote root vulnerabilities plus another 2 DOS vulnerabilities). And I don't think there is much reason feature-wise to choose sendmail over postfix.

I think second on the list would be samba, but I don't suppose anyone is going to propose a replacement ... (no, samba-tng doesn't count ...).

BTW, a lot of the issues could be resolved if there were a standard mechanism for contrib updates. Vince, I think this was about the time you said we could start discussing it?

Regards,
Buchan

-- 
|--------------Another happy Mandrake Club member--------------|
Buchan Milne                Mechanical Engineer, Network Manager
Cellphone * Work
+27 82 472 2231 * +27 21 8828820x202
Stellenbosch Automotive Engineering http://www.cae.co.za
GPG Key http://ranger.dnsalias.com/bgmilne.asc
1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7
