Hi Jason, On Thursday, November 29, 2001, 9:52:59 AM, you babbled something about:
JC> On Thu, Nov 29, 2001 at 03:48:32AM -0500, Brian Ashe wrote: : KM>> postfix instead of sendmail JC> : JC> : Sendmail is the most common mail server available. There is no lack of JC> : documentation. It has also been doing "better" than in the past. Postfix JC> : also just had a significant DoS against it as well and with it's increasing JC> : popularity, it may soon see more action on that front. Though I like it, I JC> : still tend to stick with Sendmail. JC> Yes, there was a DoS against Postfix, but Wietse had a patch to go along JC> with his announcement. Also, DoS != root compromise. How many times do JC> you need to see sendmail-induced root compromises (many even remote!)? I am quite aware of that. But, it proves that it is not the ultimate in programming as so many claim. I think it is excellent software, but if there are flaws in one place, should I assume that there can be no others? I would never recommend against using Postfix, but in the time it took Postfix to mature, Sendmail has done better then it used to. Trust me I was always quite frustrated with the frequent updates for root compromises. But upgrading was always easy enough (rpm -Uvh sendmail*.rpm) and since I pay attention, it put me at less risk. JC> : Postfix also is not GPL. It is under the IBM Public License. If you read it, JC> : you could see that there are certain provisions for commercial distribution. JC> : While they wouldn't stop you from distributing it, there are some interesting JC> : clauses that lawyers may be able to use against someone. Though I would not JC> : know how chancy that is, RH (and others) may have lawyers that recommend JC> : against it. JC> The IBMPL is OSI-approved. Presumably, they have lawyers that look over JC> licenses before agreeing that they are acceptable OSS licenses. Yes, but if you've read it, you would see that it is much more Debian friendly then RH, etc. friendly. The OSI rarely concerns itself with what legal liabilities a _commercial_ distribution might face for using a particular product in their distro. JC> : Plus when was the last time you saw M$ get hurt by including insecure JC> : software? It also works for Linux sometimes (like wu-ftpd, sendmail, etc.). JC> Umm... Maybe you haven't been paying that much attention to the news JC> recently? CodeRed? CodeRed-II? Nimda? Others? Perhaps you haven't JC> noticed the tons of analysts and columnists advising people to look JC> elsewhere? Have you been sitting at a table with the CFO, CEO, etc. of a company and tried to use those reports to sell them on Linux? They get an "Oh.", and that's about it. When the mind set changes in the top brass, they may have more impact, but until then those reports only can put people over the top if they were already on the edge (usually from the OS crashing). JC> It's a shame these efforts to guide the public elsewhere via widespread JC> mainstream journalism is so new. We can't yet measure the effects it will JC> have. My guess? Since a number of those making suggestions are analysts JC> for firms like Gartner, Forrester, etc., we'll be seeing results. Think JC> about how many IT organizations hang on every word from analysts - it's JC> a LOT. Yes, but the IT guys make few of the decisions (at least in most of the companies I've had to deal with. They can make recommendations, but often get ignored if the salespeople that come in are really good. And M$ salespeople are REALLY good at what they do. Do you know how many times I've had to hear, "No, we don't want to use Linux, we only want to use a real OS like Microsoft." XP has done more for getting people to take a look then all the bugs M$ has ever produced. Have fun, -- _________________________________________________________________ Brian Ashe CTO [EMAIL PROTECTED] Dee-Web Software Services, LLC. http://www.dee-web.com/ ----------------------------------------------------------------- You don't have to swim faster than the shark... You just have to swim faster than the people you're with. _______________________________________________ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
