Chuck Swiger writes:
> There have been around 70 security issues mentioned since the
> beginning of sendmail-8 circa 1993, or about six per year.
> Recently, things have gotten better, but a dispassionate
> evaluation of the security history of sendmail does not inspire
> any great confidence that one can set up sendmail, leave it
> unpatched, and expect the software to still be free of known
> remotely-exploitable security problems two years later.
Would you care to nominate an inherently network-accessible
program with such a track record? For example: 5.2.1 was released
in late February; there are currently 12 security advisories*, of
which I would consider at least 5 to be part of the core system.
(As opposed to things in the base system, like BIND.)
* - see "http://www.freebsd.org/releases/5.2.1R/relnotes-i386.html#SECURITY"
[EMAIL PROTECTED] mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"