Ted Cabeen <[EMAIL PROTECTED]> writes:

> If we disregarded software that has had problems in the 
> past, sendmail would be dead and buried by now.

s/would/should

I haven't looked at the code of either sendmail or qpopper myself, but
all people I trust to be competent on the issue say that sendmail (or
bind to name another example) has a bloated, crappy codebase that is
impossible to manage with regard to security.

Security problems don't just happen, they depend on the way you
program.  If a piece of software has had security issues in the past
due to the code being bloated, unstructured, and messy, chances are it
will have problems in the future.  If a program is well-written,
nicely structured, lean, and concentrates on the specific task it is
supposed to accomplish (sendmail.conf is said to be a Turing-complete
programming language ;) you have a much better chance of security.

Ciao,
   Jens

