[olug] Amateur Fortress Building in Linux

Daniel Pfile pfiled at marietta.edu
Mon Sep 11 01:56:08 UTC 2000


On Sun, 10 Sep 2000, Phil Brutsche wrote:

> 
> The link?

See the link in my previous email...

> 
> There hasn't been one (security problem in bind) in nearly a year.  
> Granted, there haven't been many new bind releases in the last year (I'm
> not counting bind 9 betas).  The only people having security problems with
> bind are the "lazy" ones who haven't upgraded.
> 
True, the bind comment was sorta off hand. It's still nice to see
something other than bind out there though.

> 
> Security guarantee?  I find that hard to believe.
> 
> There's more to security than buffer overflows.
> 
He holds contests sometimes to see if anybody can find a hole in his
software. No guarentee persay, but judging from the way qmail works for
security, I'd bet his other software is similar.

> Not necessarily.  Sometimes the mods are needed just to put the config
> files in sane places (why the hell are the qmail config files under
> /var/qmail/conf?).  Sometimes they're for bugfixes.
> 

I'm not sure why the config files are there. I kinda like the 'if it's not
broke don't fix it' policy. I personally run the qmail-ldap patches in
production boxen. Having to patch and compile is a pain, but not that much
of one. It would be nice if he bent his policy a bit tho.

Daniel 


---------------------------------------------------------------------
To unsubscribe, e-mail: olug-unsubscribe at bstc.net
For additional commands, e-mail: olug-help at bstc.net



More information about the OLUG mailing list