Subject: Re: Postfix
To: None <current-users@netbsd.org>
From: Thor Lancelot Simon <tls@rek.tjls.com>
List: current-users
Date: 08/15/2000 07:26:28
On Tue, Aug 15, 2000 at 01:36:40AM -0700, Pete Naylor wrote:
> 
> Greg A. Woods wrote...
> 
> > But what I really meant was to conclude from what you'd said directly --
> > i.e. you said that postfix was still not "full featured", so, therefore
> > one can conclude that it's "smaller" and "simpler" in concepts.
> 
> Now I understand your point - thanks.  Not sure that I really agree
> though, given the number of different components of postfix (as you can
> tell, I'm not of the opinion that more daemons equates to more security).

Improved modularity of code generally leads to more security when it
assists in isolating and minimizing security-critical sections.  Or, to
use Marcus Ranum's adage, "any piece of security-critical code I can't
read while I'm drinking a single cappuccino is wrong."

Postfix is a good example of that rule successfully applied.

Unfortunately, many programs that people feel very passionate about
(perhaps because they've beaten them into submission at some point
early in their careers and feel nostalgic) are examples of particularly
egregious *failure* to understand that rule.  Sendmail and, amusingly,
Ylonen SSH and its various offspring are among the "best" examples
of that.

Incidentally, one thing you're overlooking, perhaps because nobody
communicated it very well, is that one key reason we originally sought
to use Postfix in NetBSD was the decision by the Sendmail authors to
place their code under a GPL-like license.  Though not perfect, the
license Postfix was distributed under at that time was quite a bit
more helpful to those building binary-only (e.g. embedded -- and
that's a big segment of our commercial users) products from NetBSD.
We also anticipated that the Postfix license would change for the
*better* (that is, become more BSD-like), not for the worse.

Unfortunately, that didn't happen.  But personally I'm quite glad
Postfix is in the distribution; probably at least as much as you
are upset that Sendmail is no longer the only MTA we ship.