Brad Knowles wrote in reply to a posting: >And I'm not at all convinced that "security problems are not a >problem, with Debian" or any other OS, for that matter. Especially >not with an old binary package that is based on old code that is >known to have security flaws.
When I was comparing the sources for Ubuntu/Debian Mailman 2.1.5 against the SourceForge 2.1.9 source, I had to check the three security patches in 2.1.9. Two of the patches matched; one was completely different (different code in a different module). I do not have enough knowledge of the internals of Mailman to be able to determine if this third patch resolved the security problem. I ended up building my own Ubuntu package from the 2.1.9 SourceForge source, in the process eliminating almost all of the Debian/Ubuntu patches. The patches were, for the most part, undocumented, so I had no idea exactly what they did. Nor did I know if they would fit into the 2.1.9 source, as some of the patches were based on pre-2.1.5 code. ---------------------------------------------------------------------- Barry S. Finkel Computing and Information Systems Division Argonne National Laboratory Phone: +1 (630) 252-7277 9700 South Cass Avenue Facsimile:+1 (630) 252-4601 Building 222, Room D209 Internet: [EMAIL PROTECTED] Argonne, IL 60439-4828 IBMMAIL: I1004994 ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp
