Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

Re: FWTK and smap/smapd

From: Adam Shostack <adam () homeport org>
Date: Wed, 17 Jul 2002 10:40:58 -0400
On Wed, Jul 17, 2002 at 07:06:48AM -0400, Joseph S D Yao wrote:
| On Tue, Jul 16, 2002 at 06:02:49PM -0700, Russell Van Tassell wrote:
| > > (5) smap/smapd adds complexity to a mail server. Sendmail+smap/smapd
| > >     is about as complex as you can get. Either qmail or Postfix is
| > >     far, far simpler than sendmail alone, let alone
| > >     sendmail+smap/smapd. Simple is good. It works better.
| 
| By the same token, ANY of the MTAs is 'way to complex to TRUST as a
| mail proxy.  Smap and smapd are sufficiently simple that I could read
| and grok them even after all the added cruft.  Then use MTA of choice
| (and your choice may differ from mine) to deliver the mail.

But have you?

Don't get me wrong: The availability of source is great.  The
simplicity of a program is a big win, regardless of if the program has
been audited.  But I think that we need actual audits.  I'm starting
to think that such audits may be a public good, and worth encouraging
the government to spend money on, because lord knows the private
sector isn't.  (Or at least, they're not sharing.)

Adam




-- 
"It is seldom that liberty of any kind is lost all at once."
                                                       -Hume


_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Previous By Date Next
Previous By Thread Next

Current thread: