Chuck Swiger writes: > There have been around 70 security issues mentioned since the > beginning of sendmail-8 circa 1993, or about six per year. > Recently, things have gotten better, but a dispassionate > evaluation of the security history of sendmail does not inspire > any great confidence that one can set up sendmail, leave it > unpatched, and expect the software to still be free of known > remotely-exploitable security problems two years later.
Would you care to nominate an inherently network-accessible program with such a track record? For example: 5.2.1 was released in late February; there are currently 12 security advisories*, of which I would consider at least 5 to be part of the core system. (As opposed to things in the base system, like BIND.) Robert Huff * - see "http://www.freebsd.org/releases/5.2.1R/relnotes-i386.html#SECURITY" _______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"