Chuck Swiger writes:

>  There have been around 70 security issues mentioned since the
>  beginning of sendmail-8 circa 1993, or about six per year.
>  Recently, things have gotten better, but a dispassionate
>  evaluation of the security history of sendmail does not inspire
>  any great confidence that one can set up sendmail, leave it
>  unpatched, and expect the software to still be free of known
>  remotely-exploitable security problems two years later.

        Would you care to nominate an inherently network-accessible
program with such a track record?  For example: 5.2.1 was released
in late February; there are currently 12 security advisories*, of
which I would consider at least 5 to be part of the core system.
(As opposed to things in the base system, like BIND.)

                        Robert Huff

* - see "";

[EMAIL PROTECTED] mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to