Re: qmail and related packages in NEW
Moritz Muehlenhoff <jmm@inutil.org> writes:
> We've discussed this at the Security Team meeting in Essen and we don't
> have a problem with qmail being included in Lenny.
You are aware of upstream's attitude towards security holes? There are
lots of assumptions like "nobody will ever do ...".
E.g, quoting from http://cr.yp.to/qmail/guarantee.html :
In May 2005, Georgi Guninski claimed that some potential 64-bit
portability problems allowed a ``remote exploit in qmail-smtpd.'' This
claim is denied. Nobody gives gigabytes of memory to each qmail-smtpd
process, so there is no problem with qmail's assumption that allocated
array lengths fit comfortably into 32 bits.
And as we all know, nobody needs more than 640 kB RAM anyway :-)
Bjørn
--
If you've seen one Jewish grandmother, you've seen them all, huh? So,
Mexican people are inherently superior to old people
Reply to: