On Tue, 2 Jan 2001, Kenneth Porter wrote:
> >_WHY_ are people updating from sendmail 8.6 to 8.9.3 instead of 8.11 or
> >8.12? 8.9 isn't supported anymore for starters....
>
> "If it ain't broke...." If you're not a full-time admin, it takes time
> to learn the migration issues. Migrating from 8.9 means files move
> around. What changes going from 8.10 to 8.11?
Migrating from 8.6 means files move around too.
8.10 -> 8.11 brings in TLS(*) and a bunch of stability fixes.
(*) Fully encrypted smtp transfer(**). No more plaintext on the wire.(***)
(**) Sendmail had a readily accessable detailed howto for this, which
they've pulled in favour of trying to sell a GUI solution for US$1300.
The original stuff is now lurking down under http://www.sendmail.org/~ca/
(***) Recall my previous comments about pop-before-smtp and smtp-auth
solutions passing plaintext passwords or plaintext messages which may
contain sensitive company data across public circuits - Given the
existance of the UK's RIP laws and USA's Carnivore plus industrial
espionage allegations tossed at both the USA's Echelon network and
France's equivalents (let alone the networks we don't know about****),
one should regard this as dangerous practice.
When the USA relaxed crypto laws, strong encryption on message transfer
was rolled into Sendmail 8.10 almost immediately and resulted in it
moving to 8.11 betas within weeks.
(****) No, I don't feel particularly paranoid about this. I've had the
contents of my phone calls read back to me as a log file in the past and
I don't expect governments would reduce their indiscriminate
intelligence-gathering activities given the ease and anonymity of
sniffing SMTP traffic - or ny other non-encrypted protocol for that
matter.
AB
