There's a thread discussing Dan's ``Some thoughts on security after
ten years of qmail 1.0'' paper, but I haven't seen any mention on the
slides to the corresponding talk[1]. Namely, page 10 says:
2007.11: $500 -> $1000;
qmail placed into public domain.
Does this mean what I think it does? 
[1] http://cr.yp.to/talks/2007.11.02/slides.pdf
Matthew Dempsky writes: > There's a thread discussing Dan's ``Some thoughts on security after > ten years of qmail 1.0'' paper, but I haven't seen any mention on the > slides to the corresponding talk[1]. Namely, page 10 says: > > 2007.11: $500 -> $1000; > qmail placed into public domain. > > Does this mean what I think it does?Yes. So ... should we rename netqmail-1.05 to qmail-1.06 and include SMTP-AUTH and TLS in it? -- -- --my blog is at http://blog.russnelson.com | People have strong opinions Crynwr sells support for free software | PGPok | about economics even though 521 Pleasant Valley Rd. | +1 315-323-1241 | they've never studied it. Potsdam, NY 13676-3213 | Sheepdog | Curious how that is!
On Sun, 4 Nov 2007 20:02:04 -0500 Russ Nelson <nelson <at> crynwr.com> wrote:> Yes. So ... should we rename netqmail-1.05 to qmail-1.06 and include > SMTP-AUTH and TLS in it?Yes to the SMTP-AUTH/TLS. No to the renaming. If qmail is in the public domain, anyone can release a qmail-1.06. netqmail already has brand recognition. j
John Gateley wrote: > Yes to the SMTP-AUTH/TLS. No to the renaming. If qmail is in the public domain, > anyone can release a qmail-1.06. netqmail already has brand recognition. > >I agree - netqmail-1.06 with TLS (with client certs support for both qmail-smtpd and qmail-remote), and SMTP-AUTH (including qmail-remote), and recipient checking (no-one should be running an edge SMTP server without that these days [sorry Dan - that's the truth!]). Also, was RFC-2821 support (i.e. making qmail try other MX records on 4XX status) ever made part of netqmail? Hmmm, starting to sound like a wish list, MUST... RESIST!!!... -- -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
Jason Haar writes: > I agree - netqmail-1.06 with TLS (with client certs support for both > qmail-smtpd and qmail-remote), and SMTP-AUTH (including qmail-remote), > and recipient checking (no-one should be running an edge SMTP server > without that these days [sorry Dan - that's the truth!]). Yes, JohnL asked for that, too. And others have pointed out that netqmail should persist. > Also, was RFC-2821 support (i.e. making qmail try other MX records on > 4XX status) ever made part of netqmail? No. -- -- --my blog is at http://blog.russnelson.com | People have strong opinions Crynwr sells support for free software | PGPok | about economics even though 521 Pleasant Valley Rd. | +1 315-323-1241 | they've never studied it. Potsdam, NY 13676-3213 | Sheepdog | Curious how that is!
+ "Matthew Dempsky" <matthew <at> dempsky.org>:> There's a thread discussing Dan's ``Some thoughts on security after > ten years of qmail 1.0'' paper, but I haven't seen any mention on the > slides to the corresponding talk[1]. Namely, page 10 says: > > 2007.11: $500 -> $1000; > qmail placed into public domain. > > Does this mean what I think it does?Well, he probably didn't put it there by mistake. But the month isn't over yet, and he hasn't changed http://cr.yp.to/qmail/dist.html yet, - Harald
RSS Feed