[dovecot] Re: security audit of the code

Rick Stewart disco at pervert.ca
Tue Jan 14 03:37:15 EET 2003


I don't think that's the point.  The point is to have some fresh eyes go
over code that is thought to be secure.  Once audited, it doesn't mean
it's any more secure, but at least we're on the way to cover any if not
most angles.  Cheers,

./r

-----Original Message-----
From: dovecot-bounce at procontrol.fi [mailto:dovecot-bounce at procontrol.fi]
On Behalf Of Farkas Levente
Sent: January 13, 2003 6:00 PM
To: dovecot at procontrol.fi
Subject: [dovecot] Re: security audit of the code

seth vidal wrote:
> On Mon, 2003-01-13 at 17:12, Timo Sirainen wrote:
> 
>>On Mon, 2003-01-13 at 23:30, seth vidal wrote:
>>
>>>Timo,
>>> I know that you're taking an effort to make sure that dovecot is
>>>written securely, but I was wondering if you've asked any third party to
>>>audit the code yet. I don't have the skills necessary to do this but I
>>>bet there is someone out there who does and might be willing to do so.
>>
>>I don't really know who or where to ask. I'd be interested in getting
>>people to audit Dovecot too.
>>
> 
> 
> 
> Would it be reasonable to ask on bugtraq?
> 
> What about Chris Evans? - he wrote vsftpd and audited a bunch of Red
> Hat's releases iirc.  Maybe worth bugging him to see if he'd be willing
> to look it over?

if he does that, then everybody accepts it as "secure"..

-- 
  Levente
http://petition.eurolinux.org/index_html
  "The only thing worse than not knowing the truth is
   ruining the bliss of ignorance."





