Re: Squirrelmail XSS + SQL security bug?
On Jul 5, 2004, at 2:05 PM, Henrique de Moraes Holschuh wrote:
> Isn't this enough reason to demote squirrelmail to an "unstable-only"
> package? I use it everywhere, and it will be an extreme hindrance
> to me, but we have to be realistic on these issues...
I would agree, squirrelmail (and I use it too!) and other similarly
large web applications do not have the foundation to be secure since
they have been put together over long periods of time. The latest
squirrelmail is pretty good in that regard but of course, that's out
of the option for woody, or maybe even sarge.
I've since stopped using the squirrelmail in debian and just set up an
equivs to handle my dirty work. It's not all that complex a .deb to
package and an equivs with a wget line would be almost as good a
replacement. :)
Squirrelmail is also rather trivial to upgrade without messing things
up. Aside from msfttcorefonts (or whatever it is...I don't use debian
on a desktop) are there other packages that just set up some
directories and then get the latest files from the net from the
upstream? Is that frowned upon?
-davidu
----------------------------------------------------
David A. Ulevitch - Founder, EveryDNS.Net
http://david.ulevitch.com -- http://everydns.net
----------------------------------------------------