William D. Colburn (aka Schlake) wrote: >Sendmail hasn't been a scary beast in many years. I remember saying that back in 1989... ;) > Yes, sendmail has a >scary history but we just shouldn't talk about that anymore because it >is all in the past. Don't you really mean "the hackers are not going after sendmail as much because there are bigger/easier/fatter/more attractive targets around?" ;) I suspect that's the case... > The new sendmail is maintained by competent >programmers who are trying to provide a first class MTA/MSA. I remember saying that in 1989, too. :) The finer things in life never change. :) But sendmail has. I suspect that if I took my old sendmail 4 code off of one of my TK-50 tapes, I'd find that the new sendmail is probably 40% more code than version 4. I'm sure that all that extra code isn't rife with security holes, but if you have a simple security problem you need to solve, it's best to use a simple tool rather than a rube goldberg device. Not that I'm trying to bash sendmail (I promised Eric that I'd stop doing that when I finished my first code-review of NCSA Mosaic) but I'm just old-fashioned enough that I'd rather run a security critical program that has no features and no privileges instead of one that has lots. But, hey, it's your call. :) mjr. --------------------------------------------------------------------- To unsubscribe, e-mail: loganalysis-unsubscribeat_private For additional commands, e-mail: loganalysis-helpat_private
This archive was generated by hypermail 2b30 : Thu Oct 18 2001 - 07:26:19 PDT