Hi. On Wed, Feb 12, 2020 at 11:53:09AM -0600, Tom Browder wrote: > In the process of reading a blog article by the current developer I > discovered the upstream is now at version 6.6.2p1+ after some serious > security issues were discovered by SSL Labs (Qualys). Note that Debian > 10 is only at version 6.0.3p1!
It's a common mistake to look at the beginning of the version of Debian package, disregarding the rest. Debian package is actually 6.0.3p1-5+deb10u3, and that deb10u3 part contains the patches that fixed CVE-2020-7247 you're referring to. > I would like to install from source but I wonder if that is such a > smart move, No, it does not. Specifically, if you're aiming at version 6.6.2p1 - install opensmtpd from the backports. > especially when we now use systemd and the source is set > up with the traditional GNU automake system and I don't see any > provision for systemd. I don't grok systemd very well and usually > rely on others for the proper setup. And that's why the lazy among us use Debian packages - because packages tend to fix such problems. > I have asked for help on the OpenSMTPD mailing list, But you'll likely to get OpenBSD-specific answer. Reco
