Procmail got updated!
Roger Marquis
marquis at roble.com
Tue Dec 19 17:26:49 UTC 2017
>> Can certainly sympathize depending on the threat model, but how is that
>> any different from Equifax' not having time to patch Struts or not
>> having time to change the oil in your car or to brush your teeth ...
>
> That's a non-sequitur if I understand the response correctly. Procmail IS
> patched and I assume applied. So yes mom, teeth are brushed.
Correct from a 'known risk only' perspective but isn't code that is a)
largely unauditable and b) hasn't been maintained for a long time
considered vulnerable regardless of published vulnerabilities?
Perhaps not unlike brushing your teeth only when the dentist finds a
cavity, it doesn't fundamentally change the risk model.
Roger
More information about the freebsd-ports
mailing list