* David Woodhouse: > I'm sure that those who maintain the Exim package in Linux (and other > OS) distributions will also step up where necessary. I certainly > expect to.
Debian will code security fixes on their own if necessary, provided that they don't involve conceptual changes (to cope with protocol bugs, for instance). The main question I see from a security POV is if there is infrastructure in place for coordinated disclosures of security vulnerabilities. Even if it doesn't make a difference in practice, it's usually a good idea to have official patches ready when a security vulnerability is disclosed, and you need to prepare some infrastructure (at the very least, a well-published mail alias with real people acknowledging reports in a timely manner). -- ## List details at http://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
