On Tue, 24 May 2005 10:51:30 +0000 (UTC), Thorsten Glaser wrote: >Rod.. Whitworth dixit: > >>You really believe those UW people really can consider something unsafe > >It was considered so by the OpenBSD porter. UTSL.
You didn't get the idea. I'm not claiming Courier-Imap is perfect. I just wondered how somebody who has a string of alerts of his own can regard anything else as unsafe. When someone provides evidence that his performance claims are wafty he comes out with FUD. Maybe we should say "Pot, meet Kettle" or "Physician: Heal Thy Self" > >>before they clean up their own exploit history? Insane? The sky is >>falling! I don't know about many IMAP servers but I know that UW-IMAP >>is considered less than favourably in many circles. > >Prove an exploit. I don't do that stuff (go test exploits) but seeing that I heard abourt several alerts whilst teaching Linux stuff at IBM I just asked Mrs Google to remind me and early in her answer I saw some stuff I vaguely remembered plus a recent one. The Cheez Wizz 1998 alert. The several buffer overflows detected in June 2001 The CRAM-MD5 problem of February THIS YEAR. > >>which shows you just what a nice guy Crispin is, eh? He really is the >>right guy to write RFCs, is he? > >Now you're getting personal, eh? Sounds like FUD to me. >By the way, he DOES happen to have "invented" IMAP. No. HE was getting personal if you bother to read the docs. Inventing a protocol doesn't make hime god. It sounds like he thinks that he is the only one he trusts to know what it means. > >>(yeah, I know, DJB can be a bit of a Grumpy Old Man (to steal the title >>of a great TV series from GB) but I'd never take him for stupid. Mark, >>on the other hand lets his ego get in the way of reality and secure >>programming methods too, it seems to me. > >You know, the pine suite (including imapd, mailutil etc.) >is not being written by one man. So? Neither is OpenBSD, So? But seeing you bring PINE into it: Is it true or false that PINE uses an undocumented extension (SCAN) tha UW-IMAP has and therefore fails with other IMAPDs that don't? > >Oh, and I've only replied because I think that it is >monoculture which sucks. I've never seen a tool handle >such a variety of both environments and mail formats >as mailutil (libc-client). > And UW-IMAP cannot handle maildirs. Unless you use an "illegal" non-Crispin addition. >bye, >//mirabile >-- <snip overlong sig> > Fortunately I think ALL IMAP sucks so I don't really care if they all get toasted. When you set up email services for hosting providers the last thing you need is for clients to have a way to have mbox files in excess of a gig that their MUA is checking every 60 seconds, but they will do it and complain about quotas and threaten to take all their corporate webservers elsewhere if they have to be more reasonable. POP3 with enforced deletes removes that unreasonable expectation..... ~|^ = >From the land "down under": Australia. Do we look <umop apisdn> from up over? Do NOT CC me - I am subscribed to the list. Replies to the sender address will fail except from the list-server.
