On Feb 22, 2007, at 12:16 PM, Allen Brooker (AllenJB) wrote:
While undoubtedly still a definite option to consider, how much
longer can an application that to my knowledge has to have patches
applied before it can even compile on a modern/currrent linux
system last?
As far as I can tell, qmail is now unmaintained by djb and the
website doesn't appear to have been updated recently (at a guess,
atleast in the past couple of years). On top of this, qmail's
license unfortunately means that no one can take over qmail or fork
it any way (would a "fully featured" fork that some admins seem to
want be such a bad thing?)
While there's nothing inherently wrong with applying patches to a
base code set, applying patches, especially patches on top of
already patched code, surely introduces an inherent risk of
introducing bugs and other flaws that might be avoided if the
patches were being submitted to a central code base which evaluated
each patch before applying it to a central code base?
While djb's security guarantee looks good, how can I know that if
there is a vulnerabiltiy found, that it will be patched in a timely
manner and in a way that won't compromise the security or stability
of qmail further? How can I know that vulnerabilities haven't
already been found and just been ignored / lost because djb has no
time to maintain qmail?
Yes, this post possibly reads as inflamatory (tho I didn't intend
it to be so, but the lack of tone and emphasis on the net can lead
to misinterpretations). Yes, I am uninformed, that's why I'm asking
- answer my questions and inform me. =)
AllenJB
Allen/ Sasa,
I see nothing wrong with your questions, however I am not sure if
this is the location to ask them. I have seen this discussion
repeated before and while I may be wrong (and i rest assured that if
I am I will be corrected) but I dont think it is the goal of people
on this list to convince anybody why qmail is or is not the right
choice for their network. I believe the list is more for helping
those who have decided to use it and need help with using it. If I
am wrong I apologize.
-Jeff
Sasa Ugrenovic wrote:
Ok .. i have a question.
Is qmail usable ? I used qmail for 5 years before I switched to
postfix.
I hope DJB reads this, because qmail is obsolete... you have to
apply a million patches (which have backward compatibility issues)
to have a decent functional SMTP.
Greylisting, helo checks, blabla ..
This is not a flamebait, i still use qmail/vpopmail on servers
behind my MX processor which doesn't run qmail, since I'm not a
zaelot.
Kind Regards,
Sasa
On Wed, 21 Feb 2007 20:23:03 -0800
Jos Backus <jos@catnook.com> wrote:
Congratulations, Dan. On to the next 10 years...
----- Forwarded message from "D. J. Bernstein"
<djb@koobera.math.uic.edu> -----
Date: 21 Feb 1997 21:38:51 -0000
From: "D. J. Bernstein" <djb@koobera.math.uic.edu>
To: djb-qmail@koobera.math.uic.edu
Subject: qmail 1.00 available
qmail 1.00 is available through http://pobox.com/~djb/qmail.html.
No code changes from 0.96. I have lots of cleanups scheduled, and
I'll
have to add IPv6 support someday, but 1.00 should be an adequate
MTA for
the next several years.
---Dan
----- End forwarded message -----
--
Jos Backus
jos at catnook.com
|