Favorite DNS?

Steve Meyers steve-plug at spwiz.com
Tue Jul 24 22:59:41 MDT 2007


Andy Bradford wrote:
> Imagine...  qmail-1.03 was  released over  10 years ago  and none has
> yet to find  an exploitable security  hole. His code is extremely
> clean.

I used qmail for a while.  Yes, qmail 1.03 was released 10 years ago, 
and has no known holes.  It also is completely unusable in a modern 
email environment.  The only way to make it usable is to apply 
megapatches to it that add all of the functionality you need.  Once you 
apply the megapatches, how do you know you're secure?  That was my 
experience as of five years ago.  I stopped using qmail because it was 
too much of a pain to get SMTP auth working, along with the other 
features I needed.

What bugs me about DJB is that he releases some software, perfects it 
(in his mind), and then completely ignores it.  qmail is great, in 
theory.  I would love to use it, but it's too much of a pain, and I 
can't really trust it.

There's one other thing that bugs me.  He's not serious about helping 
people be secure.  If he was serious, he would make it easy for his 
software to be distributed to as many people as possible.  Instead, he 
puts silly limitations on distribution that are primarily aimed at 
protecting his overly large ego.  I would love to use his software, 
because I do like the approach he takes to security, but it's just not 
practical.



More information about the PLUG mailing list