[exim] Re: Exim Zero Day?

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Andreas Barth
Datum:  
To: exim-users
Betreff: [exim] Re: Exim Zero Day?
* Rainer Dorsch via Exim-users (exim-users@???) [231001 15:02]:
> Am Samstag, 30. September 2023, 10:34:14 CEST schrieb Andrew C Aitchison via 
> Exim-users:
> > Yesterday Heiko posted
> >         https://seclists.org/oss-sec/2023/q3/254
> > in one of the security lists.

>
> For me, it would be helpful if at least the timelines would be properly
> communicated to the users, not just that there is a timeline.
>
> That would make the decision easier to wait for a fix or to migrate to postfix.


haha, funny. It's usually the same for *every* security bug in every
component: the distributors get the fixes beforehand, so that everyone
get the fixed packages at the same time. And of course, the timelines
are though usually, but being able to roll out working packages is it
worth IMHO. (The exception are just bad maintaned products, but exim
seems to do well here.)

Please note that I don't know more about exim than being an user, but
I have seen the security side as debian release manager for quite many
software products. And I doubt much that postfix would do it much
different.


Andi

--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@???
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/