Ted Cabeen <[EMAIL PROTECTED]> writes:
> If we disregarded software that has had problems in the
> past, sendmail would be dead and buried by now.
s/would/should
I haven't looked at the code of either sendmail or qpopper myself, but
all people I trust to be competent on the issue say that sendmail (or
bind to name another example) has a bloated, crappy codebase that is
impossible to manage with regard to security.
Security problems don't just happen, they depend on the way you
program. If a piece of software has had security issues in the past
due to the code being bloated, unstructured, and messy, chances are it
will have problems in the future. If a program is well-written,
nicely structured, lean, and concentrates on the specific task it is
supposed to accomplish (sendmail.conf is said to be a turing-complete
programming language ;) you have a much better chance of security.
Ciao,
Jens
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]