"David Phillips" <david at acz.org> wrote: > Consider this: qmail, one of the most widely deployed MTAs, has never > had a security hole. It was first released in January of 1996. Hmm... I searched the iss.net[1] site and came up with a few "not quite a security bug in qmail" results. DJB excludes DOS attacks from his idea of a "security bug" with a fairly reasonable explaination[2]. All-in-all, qmail has performed well throughout its history wrt to security. Too bad DJB can't relax his distribution restrictions, but that's getting off topic. You know, I find myself agreeing with David (wow!) in regards to secure programming. It's a methodology that programmers follow. Any language has it's security risks, some more than others. If the programmer uses the correct methodology and approach to writing software, security problems are often mitigated before they have a chance to be distributed. Often is the key word here. The most concientious programmer can still slip up occassionally; we are fallible. That being said, as an end-user of software, you should be wary of that which you run on your systems. No one can escape the need to be security conscious. Use the best software for your problem set; keep up to date on security bulletins and software updates; and monitor your operating environment. References ========== 1. http://www.iss.net/security_center/search.php?type=2&pattern=qmail&Submit=Search 2. http://cr.yp.to/qmail/guarantee.html -- Chad Walstrom <chewie at wookimus.net> http://www.wookimus.net/ assert(expired(knowledge)); /* core dump */ _______________________________________________ TCLUG Mailing List - Minneapolis/St. Paul, Minnesota http://www.mn-linux.org tclug-list at mn-linux.org https://mailman.real-time.com/mailman/listinfo/tclug-list