> The conditions necessary to eliminate sendmail from hundreds of
> thousands of computers have been laid out. Redhat *wants* to ship
> qmail, but they need those conditions satisfied. Are you suggesting
> that there is no compromise worth ridding the world of hundreds of
> thousands of security disasters?
>
A nice compromise would be for Redhat to figure out how to do what it
wants, since it *wants* to ship qmail.
> It is entirely Dan's failure to act that has caused hundreds of
> thousands of *new* copies of sendmail to be installed. I don't think
> hysteria is a sufficiently extreme reaction.
>
Let's see. This endless argument seems to be hammering home that
Redhat feels that Sendmail + RPM is more secure than qmail without
RPM. Is there some evidence for this? All the evidence I can see
points in the opposite direction, namely that known 'vendor certified'
copies of sendmail, distributed with RPM, are less secure than qmail as
distributed under Dan's conditions. If you can provide evidence that
use of RPM magically reverses the security inequality between sendmail
and qmail, then I'm sure Dan would be willing to do something about
the situation. Until then, please, give it a rest.
sdb