[olug] Amateur Fortress Building in Linux
Daniel Pfile
pfiled at marietta.edu
Mon Sep 11 01:56:08 UTC 2000
On Sun, 10 Sep 2000, Phil Brutsche wrote:
>
> The link?
See the link in my previous email...
>
> There hasn't been one (security problem in bind) in nearly a year.
> Granted, there haven't been many new bind releases in the last year (I'm
> not counting bind 9 betas). The only people having security problems with
> bind are the "lazy" ones who haven't upgraded.
>
True, the bind comment was sorta off hand. It's still nice to see
something other than bind out there though.
>
> Security guarantee? I find that hard to believe.
>
> There's more to security than buffer overflows.
>
He holds contests sometimes to see if anybody can find a hole in his
software. No guarentee persay, but judging from the way qmail works for
security, I'd bet his other software is similar.
> Not necessarily. Sometimes the mods are needed just to put the config
> files in sane places (why the hell are the qmail config files under
> /var/qmail/conf?). Sometimes they're for bugfixes.
>
I'm not sure why the config files are there. I kinda like the 'if it's not
broke don't fix it' policy. I personally run the qmail-ldap patches in
production boxen. Having to patch and compile is a pain, but not that much
of one. It would be nice if he bent his policy a bit tho.
Daniel
---------------------------------------------------------------------
To unsubscribe, e-mail: olug-unsubscribe at bstc.net
For additional commands, e-mail: olug-help at bstc.net
More information about the OLUG
mailing list