Re: qmail and related packages in NEW

To: debian-devel@lists.debian.org
Subject: Re: qmail and related packages in NEW
From: Bjørn Mork <bmork@dod.no>
Date: Tue, 02 Dec 2008 10:41:22 +0100
Message-id: <[🔎] 874p1mdid9.fsf@obelix.mork.no>
References: <20081128181242.32463.qmail@6879aebe33b239.315fe32.mid.smarden.org> <20081128205101.14b7f4e9.codehelp@debian.org> <slrngj27cr.7uq.jmm@inutil.org>

Moritz Muehlenhoff <jmm@inutil.org> writes:

> We've discussed this at the Security Team meeting in Essen and we don't
> have a problem with qmail being included in Lenny.

You are aware of upstream's attitude towards security holes?  There are
lots of assumptions like "nobody will ever do ...".

E.g, quoting from http://cr.yp.to/qmail/guarantee.html :

  In May 2005, Georgi Guninski claimed that some potential 64-bit
  portability problems allowed a ``remote exploit in qmail-smtpd.'' This
  claim is denied. Nobody gives gigabytes of memory to each qmail-smtpd
  process, so there is no problem with qmail's assumption that allocated
  array lengths fit comfortably into 32 bits.

And as we all know, nobody needs more than 640 kB RAM anyway :-)

Bjørn
-- 
If you've seen one Jewish grandmother, you've seen them all, huh?  So,
Mexican people are inherently superior to old people

Reply to:

Follow-Ups:
- Re: qmail and related packages in NEW
  - From: Russ Allbery <rra@debian.org>

Prev by Date: Re: Free solutions for PDF annotations/shared reviews
Next by Date: Re: Bug#457318: qmail and related packages in NEW
Previous by thread: Re: qmail and related packages in NEW
Next by thread: Re: qmail and related packages in NEW
Index(es):
- Date
- Thread