[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Why were all DJB's ports removed? No more qmail?
On 28 Aug 2001, D. J. Bernstein wrote:
> http://cr.yp.to/maildisasters/postfix.html simply reports the facts.
> Some of the facts are continuing events: the Postfix author never
> * posted an alert about this security problem, or
> * apologized for exposing his users to selective mail destruction, or
> * apologized for his false and misleading statements, or
> * took responsibility for his mistakes, or
> * offered cash rewards for security holes.
> All of these remain true. If they ever change, I'm sure the Postfix
> author will let me know, and I'll update the page accordingly.
> Postfix proponents who claim that my page is ``out of date'' are really
> trying to say that users should ignore the historical facts. This is a
> common argument from people who don't really care about security. If
> you've been fooled into using Sendmail, for example, and you're now
> asking crucial questions such as
> How exactly did OpenBSD ``audit'' Sendmail? How did this latest
> security hole slip past the ``audit''? What structures and procedures
> could have been put into place to prevent this disaster? For example,
> shouldn't large setuid programs be banned?
> you'll get non-answers like ``I can't believe you're attacking OpenBSD''
> or ``Don't worry about it! The bug is fixed now. OpenBSD is secure!''
``Why are you changing the subject?''
one holy war at a time, man!