Re: [exim-dev] removal of PCRE

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Geraint Edwards
Datum:  
To: Mike Pellatt
CC: exim-dev
Betreff: Re: [exim-dev] removal of PCRE
Mike Pellatt <mike@???> said
        (on Thu, Jan 17, 2008 at 03:47:40PM +0000):

> FWIW, I used to be a "roll-my-own" exim user. But as once decent rpm's
> and other packaged versions came along I moved across to those,
> [...]
> If I was still roll-my-own, I'd nevertheless support this move.


I'm the same, on the boxes I own.

However, there is a non-techie issue worth saying explicitly...

I've introduced exim as the MTA-of-choice to clients who like to
security-approve[1] all installed programs, and typically they build from
source to avoid introducing extra potential security holes which may creep
in at the packaging step.

If PCRE is going to be a separate install, then it probably means an extra
(potentially show-stopping, time-taking, bureaucractic, possibly redundant)
hoop or two to jump through to get it security approved in those organisations.

Such exim users can be good adverts for exim's widespread use (one client
was a very large ISP), and forcing them to try to consider this extra
paperwork should be considered a small risk.

On balance, though, I'm definitely *for* the de-coupling.


[1]    not look at the code, exactly, but have security/risk documentation
    to say that they've considered doing so  ;-)
-- 
Geraint A. Edwards (aka "Gedge")
gedge@???