> > Probably not, or someone would have found them in the last five years. Probably yes, it's hard to security audit complex software packages. > >> At least I don't want to run software with poor security track on my >> public servers. > > So you don't run the Linux kernel? Wade through the changelog sometime. Or > BIND? it is unrealistic to think large software packages don't have bugs or > that they won't be found and fixed over time. I usually prefer softwares with good security track. Anyway kernel is not usually exposed directly to internet, but some server software are directly. -- Eero