[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: qmail and related packages in NEW

Moritz Muehlenhoff <jmm@inutil.org> writes:

> We've discussed this at the Security Team meeting in Essen and we don't
> have a problem with qmail being included in Lenny.

You are aware of upstream's attitude towards security holes?  There are
lots of assumptions like "nobody will ever do ...".

E.g, quoting from http://cr.yp.to/qmail/guarantee.html :

  In May 2005, Georgi Guninski claimed that some potential 64-bit
  portability problems allowed a ``remote exploit in qmail-smtpd.'' This
  claim is denied. Nobody gives gigabytes of memory to each qmail-smtpd
  process, so there is no problem with qmail's assumption that allocated
  array lengths fit comfortably into 32 bits.

And as we all know, nobody needs more than 640 kB RAM anyway :-)

If you've seen one Jewish grandmother, you've seen them all, huh?  So,
Mexican people are inherently superior to old people

Reply to: