Nigel Metheringham wrote:
> * Exim is a large (normally) setuid daemon with lots of
> privileges.
It would be a tough job to change that. Even if exim currently works in
a "somehow" modular manner (reexecuting itself, with special options).
> * No matter how good we are, exim *will* have security issues.
That's something you can't avoid, and it WILL happen from time to time.
The question is how fast the developers can fix the issue, and make a
new release.
> * We need to have processes to:-
> * Inspect committed code for security issues
David mentioned a public CVS-List; that could be a good starting point.
The problem is that no one can look for all patches that come in.
> * Ensure released code is not compromised
> * Accept security reports in a timely fashion
> * Engineer security fixes without (if possible) giving
> those who might attack vulnerable installations an
> advance attack period.
That would be the problem with a public CVS-List or cvs in general:
you'll give away information before you can do the release.
> We also need to think through the ways of handling security issues - we
> do not have any good means to ensure that someone is always available
There could be a special address, security@???, that aliases to
all developers. The developers can then start to discuss this on an
internal mailing list. Something like this should not be bound to one
single person.
Nico