Timo, I know that you're making an effort to make sure that dovecot is written securely, but I was wondering if you've asked any third party to audit the code yet. I don't have the skills necessary to do this but I bet there is someone out there who does and might be willing to do so.
-sv
On Mon, 2003-01-13 at 17:12, Timo Sirainen wrote:
Would it be reasonable to ask on bugtraq?
What about Chris Evans? - he wrote vsftpd and audited a bunch of Red Hat's releases iirc. Maybe worth bugging him to see if he'd be willing to look it over?
-sv
On Tue, 2003-01-14 at 00:16, seth vidal wrote:
I don't really know who or where to ask. I'd be interested in getting people to audit Dovecot too.
I don't think it's a good idea to bug people with auditing requests, unless they've stated they don't mind. I usually audit only software that I use myself.
seth vidal wrote:
If he does that, then everybody accepts it as "secure"..
--
Levente
http://petition.eurolinux.org/index_html
"The only thing worse than not knowing the truth is ruining the bliss of ignorance."
I don't think that's the point. The point is to have some fresh eyes go over code that is thought to be secure. Once audited, it doesn't mean it's any more secure, but at least we're on the way to cover any if not most angles.
Cheers,
./r
-----Original Message-----
From: dovecot-bounce@procontrol.fi [mailto:dovecot-bounce@procontrol.fi] On Behalf Of Farkas Levente
Sent: January 13, 2003 6:00 PM
To: dovecot@procontrol.fi
Subject: [dovecot] Re: security audit of the code
seth vidal wrote:
If he does that, then everybody accepts it as "secure"..
--
Levente
http://petition.eurolinux.org/index_html
"The only thing worse than not knowing the truth is ruining the bliss of ignorance."
participants (5)
- Farkas Levente
- Rick Stewart
- seth vidal
- Seth Vidal
- Timo Sirainen