> We won't run sendmail because of its security-hole-of-the-week
> phenomenon. Why would people pay money for it?
`What security hole of the week phenomenon?'
Neither of the last two releases of sendmail have fixed security
problems, because there were no known ones to fix. The last version
of sendmail released with a security fix was 8.8.6, released June
14th, 1997, more than nine months ago. The previous release before
that (which also fixed a security problem) was more than five months
earlier.
Sendmail was once insecure, yes. It was also once not as efficient
at delivering mail as exim and qmail are now. But sendmail has
pretty much kept up with the rest of the gang, despite the myth
that it hasn't. Eric Allman learned from sendmails mistakes in the
same way that the exim and qmail authors learned from sendmail's
mistakes.
(Sheesh! Next someone's going to be saying that Ethernet tops out
at 35% utilisation.)
cjs
Curt Sampson cjs@portal.ca Info at http://www.portal.ca/
Internet Portal Services, Inc. Through infinite mist, software reverberates
Vancouver, BC (604) 257-9400 In code possess'd of invisible folly.