[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Squirrelmail XSS + SQL security bug?

On Jul 5, 2004, at 2:05 PM, Henrique de Moraes Holschuh wrote:
Isn't this enough reason to demote squirrelmail to an "unstable-only"
package? I use it everywhere, and it will be an extereme hindrance to me,
but we have to be realistic on these issues...

I would agree, squirrelmail (and I use it too!) and other similarly large web applications do not have the foundation to be secure since they have been put together over long periods of time. The latest squirrelmail is pretty good in that regards but of course, that's out of the option for woody, or maybe even sarge.

I've since stopped using the squirrelmail in debian and just set up an equivs to handle my dirty work. It's not all that complex a .deb to package and an equivs with a wget line would be almost as good a replacement. :)

Squirrelmail is also rather trivial to upgrade without messing things up. Aside from msfttcorefonts (or whatever it is...I don't use debian on a desktop) are there other packages that just set up some directories and then get the latest files from the net from the upstream? Is that frowned upon?


  David A. Ulevitch - Founder, EveryDNS.Net
  http://david.ulevitch.com -- http://everydns.net

Reply to: