Timo Schoeler wrote:
> thus Eero Volotinen spake:
>
>>> Probably not, or someone would have found them in the last five years.
>>>
>> Probably yes, it's hard to security audit complex software packages.
>>
>
> Yes; my bet would be that OpenBSD's smtpd will be the most secure MTA
> (when it hits the streets for production). That does NOT mean that it is
> scalable (well, yet to prove).
>
>
>>>> At least I don't want to run software with poor security track on my
>>>> public servers.
>>>>
>>> So you don't run the Linux kernel? Wade through the changelog sometime. Or
>>> BIND? It is unrealistic to think large software packages don't have bugs or
>>> that they won't be found and fixed over time.
>>>
>> I usually prefer software with good security track. Anyway kernel is
>> not usually exposed directly to internet,
>>
>
> An IP stack which is part of the kernel *is* (more or less) directly
> exposed to the internet as long as there's the appropriate cable
> connected to that machine.

I am working on Smart Grid and am hearing talk about we can secure the Smart Grid with Layer 2 security and we are done. ARGH!!!! I gave a presentation on this at the 802 meeting last week. Sometimes I feel like I am beating on mush...