Re: pop mail recommendations

To: debian-security@lists.debian.org
Subject: Re: pop mail recommendations
From: Jens Grivolla <j-news2002-12@grivolla.de>
Date: Sat, 07 Dec 2002 19:22:15 +0100
Message-id: <87lm31sn8o.fsf@msgid.grivolla.de>
References: <20021206111808.GA721@polarbear.telelev.net> <87BB0D22-0908-11D7-AB01-0003931D9B5A@tedroby.com> <3DF084DE.627122D0@nodo50.org> <20021206174938.3684A22@gray.impulse.net>

Ted Cabeen <ted@impulse.net> writes:

> If we disregarded software that has had problems in the 
> past, sendmail would be dead and buried by now.

s/would/should

I haven't looked at the code of either sendmail or qpopper myself, but
all people I trust to be competent on the issue say that sendmail (or
bind to name another example) has a bloated, crappy codebase that is
impossible to manage with regard to security.

Security problems don't just happen, they depend on the way you
program.  If a piece of software has had security issues in the past
due to the code being bloated, unstructured, and messy, chances are it
will have problems in the future.  If a program is well-written,
nicely structured, lean, and concentrates on the specific task it is
supposed to accomplish (sendmail.conf is said to be a turing-complete
programming language ;) you have a much better chance of security.

Ciao,
   Jens

Reply to:

References:
- Re: pop mail recommendations
  - From: Sven Hoexter <sven@telelev.net>
- pop mail recommendations
  - From: Ted Roby <secalert@tedroby.com>
- Re: pop mail recommendations
  - From: andres <andres@nodo50.org>
- Re: pop mail recommendations
  - From: Ted Cabeen <ted@impulse.net>

Prev by Date: Re: Too make a long story short...
Next by Date: Re: Pop mail virtual user security [LONG]
Previous by thread: Re: pop mail recommendations
Next by thread: Re: pop mail recommendations
Index(es):
- Date
- Thread