Re: [exim-dev] Development blockage...

Author: Florian Weimer
Date:  
To: David Woodhouse
CC: exim-dev, Alex Kiernan, Jaco van der Schyff, Nigel Metheringham
Subject: Re: [exim-dev] Development blockage...
* David Woodhouse:

> I'm sure that those who maintain the Exim package in Linux (and other
> OS) distributions will also step up where necessary. I certainly
> expect to.


Debian will code security fixes on their own if necessary, provided that
they don't involve conceptual changes (to cope with protocol bugs, for
instance).

The main question I see from a security POV is if there is
infrastructure in place for coordinated disclosures of security
vulnerabilities. Even if it doesn't make a difference in practice, it's
usually a good idea to have official patches ready when a security
vulnerability is disclosed, and you need to prepare some infrastructure
(at the very least, a well-published mail alias with real people
acknowledging reports in a timely manner).