Subject: Re: no mention of NetBSD in CERT(sm) Advisory CA-96.24 (Sendmail Daemon Mode Vulnerability)
To: None <current-users@NetBSD.ORG, woods@web.net>
From: Arne H. Juul <arnej@pvv.ntnu.no>
List: current-users
Date: 11/22/1996 00:28:37
> Is NetBSD ready to finally give up on sendmail because of the constant
> stream of security holes it creates? [0.25 ;-)]
> BTW, "252 send some mail, i'll try my best" in response to a VRFY on the
> mail host for netbsd.org isn't very helpful or courteous. Can it not do
> better?
These two statements together are very funny. The reason why you get
the 252 response is exactly because it's not running sendmail anymore,
and it's precisely the security considerations that makes it impossible
to "do better".
While I don't think NetBSD should stop shipping sendmail as part of
the distribution, it's definitely time to consider shipping Something
Else (TM) as part of the distribution as well.
- Arne H. J.