Quoting Tom Browder (2020-02-12 18:53:09) > I started looking in to use of OpenSMPTD for a mail server and have > installed it from Debian packages. > > In the process of reading a blog article by the current developer I > discovered the upstream is now at version 6.6.2p1+ after some serious > security issues were discovered by SSL Labs (Qualys). Note that Debian > 10 is only at version 6.0.3p1! See the source at: > > https://github.com/OpenSMTPD/OpenSMTPD > > I would like to install from source but I wonder if that is such a > smart move, especially when we now use systemd and the source is set > up with the traditional GNU automake system and I don't see any > provision for systemd. I don't grok systemd very well and usually > rely on others for the proper setup. > > I have asked for help on the OpenSMTPD mailing list, but I suggested > my first effort would be to use the systemd setup used by the Debian > installation (with appropriate renaming). I haven't received an answer > yet.
Please beware that Debian backports bugfixes for stable releases, so it is not enough to look at version numbers to know if a package is vulnerable or not, you need to also inspect which patches has been applied. That said, feel free to try do a better job than Debian. If you like such work, then please do consider joining Debian so that others can benefit from the refinements that you make for yourself - that's why most if not all of us Debian developers do what we do: maintain and distribute our refinements as a coherent whole :-) Kind regards, - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private
signature.asc
Description: signature
