Petri Sirkkala said:
On Mon, 6 Mar 2000, Yasholomew Yashinski wrote:
[snip]
So I tell you that you should use qmail because the latest sendmail is crackable. Is this true, or am I just spreading FUD? An exploit allows admins to try it on their systems.
I don't care if it is FUD or not. I only react to those mails originating from SuSE or the real vendors of the programs. These are of course the parties that need the exploits to verify the bug, and then send the _official_ security issues.
Getting too dependent on SuSE would be Bad. Not that I don't appreciate their efforts to fix problems, or that they don't do a good job of it. I do, and from what I've seen they do.

But what if SuSE got bought by Bill Gates, who then said "SuSE is the BEST, MOST SECURE Linux dist EVER, and always will be! Send me your $$$." So the week after, sendmail gets hacked. But BG says, "We already fixed that in MY dist! We're the best! Send me more $$$!" So, how do you tell if you're _really_ hackable or not? How long should you have to wait to find out? If I'm responsible for the security of my system, I want to know _now_, both so I can fix the problem in a timely manner and so I can tell if ol' Bill is lying to me so I can take my business elsewhere.

-John