> Sure, in a corporate environment, but sendmail is still
> the smtp mailer of choice for linux distros, it's installed
> by default on redhat and probably others, millions of
> normal users will be running it.

So? Those millions will all be safe, as the sendmail shipped with Linux distributions will be as safe as it gets. Only people who download the source and compile themselves have been at risk in this case, a minute minority. If you waited 3 days after downloading source before using it you should be reasonably safe too. A repository getting hacked doesn't take 3 days to be discovered. Crypto sigs would go a long way.

> I'm interested to see how long until someone cracks an
> apt or up2date repository and really makes a mess :-)

One reason I dislike installing via download. Distros without crypto sigs on all packages suck for that anyway. Even then, my bet is the mess would be minimal, there just isn't a potential to affect a lot of sites quickly.

All this about sendmail being trojaned is a big hype Microsoft will be sure to make use of.

Volker

--
Volker Kuhlmann is possibly list0570 with the domain in header
http://volker.orcon.net.nz/ Please do not CC list postings to me.
