On Wed, Jun 16, 2004 at 02:57:47PM -0400, Robert Huff wrote:
> Chuck Swiger writes:
> > There have been around 70 security issues mentioned since the
> > beginning of sendmail-8 circa 1993, or about six per year.
> > Recently, things have gotten better, but a dispassionate
> > evaluation of the security history of sendmail does not inspire
> > any great confidence that one can set up sendmail, leave it
> > unpatched, and expect the software to still be free of known
> > remotely-exploitable security problems two years later.
> Would you care to nominate an inherently network-accessible
> program with such a track record? For example: 5.2.1 was released
> in late February; there are currently 12 security advisories*, of
> which I would consider at least 5 to be part of the core system.
> (As opposed to things in the base system, like BIND.)
Postfix and Exim. I found no security advisories for either on the CERT
website; that actually covers their entire lifecycles.
Jim Trigg, Lord High Everything Else O- /"\
\ / ASCII RIBBON CAMPAIGN
Hostmaster, Huie Kin family website X HELP CURE HTML MAIL
Verger, All Saints Church - Sharon Chapel / \
[EMAIL PROTECTED] mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"