FC4 slimfast slimfest

Nicolas Mailhot Nicolas.Mailhot at laPoste.net
Fri Feb 25 07:16:55 UTC 2005

Le jeudi 24 février 2005 à 16:50 -0600, Jason L Tibbitts III a écrit :
>>>>>> "NM" == Nicolas Mailhot <Nicolas.Mailhot at laPoste.net> writes:
>NM> You do know that postfix design is a common example in advanced
>NM> security CS courses right ?
>What on Earth does that have to do with anything?  I'm sure advanced
>race mechanics study Ferrari engines, but I don't need one to drive to
>the store.
>I guess what you're trying to say is that all of the extra stuff that
>Postfix comes with is secure, so it doesn't hurt anything to have it
>on the machine.  That's something definitely contradicted by those
>advanced security CS courses you speak of.

I'd rather have a full-featured secure program than a small one full of
holes because it's never been widely deployed by people who care. If you
take a look a security advisories they are not limited to big software,
far from it.

Postfix is secure because 
1. it's well coded and
2. its multiple-processes design make it very difficult for an error to
propagate enough to be exploited
3. it's deployed widely enough on big setups any exploit would come to
light quickly. This wouldn't be the case of a small desktop-only util.
Who's auditing linux desktop systems nowadays ?

Small is beautiful. But that's not the only security factor you know.


Nicolas Mailhot
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Ceci est une partie de message num?riquement sign?e
URL: <http://listman.redhat.com/archives/fedora-devel-list/attachments/20050225/296277ea/attachment.sig>

More information about the fedora-devel-list mailing list