Procmail Vulnerabilities check

Kurt Jaeger lists at opsec.eu
Mon Dec 11 18:36:49 UTC 2017


Hi!

> if the majority of people install their systems via packages, that makes for
> a fairly common FreeBSD base across all users.

Why would a system installed via packages be more homogenous than
one installed as base, and updated via freebsd-update? I don't
understand this -- can you elaborate?

> In closing, and more to the point regarding Sendmail; Sendmail has a nearly
> impeccable security record in at the last decade. It provides a *secure*,
> more powerful, and more flexible MX on the cheap. I see little reason to
> consider it an attack vector. Which makes *security*, and its related
> maintenance a pretty poor argument, for its removal.

The argument is: The update process for base is more complex
than for packages, and we've come a long way to have a very
nice pkg-system, in general. The mid-term plan is thus to package base, too.

Packaging base means sensible packages have to be defined, and
sendmail suits a package very well.

-- 
pi at opsec.eu            +49 171 3101372                         3 years to go !

