
Re: Should we just remove openwebmail?



In debian-qa you wrote:
>> So I'm personally inclined not to let it linger for a while on the grounds
>> that it's got security issues, and just get it the hell out of the archive.
>> It's not like Debian's short of webmail packages.
>
> I stopped looking at this point.  The code is rife with vulnerabilities, and
> needs to be audited line by line; I'm not sure this is likely anytime soon.
> I think we should remove it.  (It can always be added back if it's fixed.)

Additionally, it needs to be run with suidperl, and the package currently
in sid even runs suid root.

Cheers,
        Moritz


