The fundamental problem here is that this turns into a security problem, which
in 2024 is not a nice thing to have.
Yes, theoretically I could run the previous Debian release, 11 Bullseye which
is now EOL but in LTS until 2026.
However, the OpenSSL delivered with Bullseye is 1.1.1. Any LTS patches
delivered by Debian are based on public patches, so basically there will be no
OpenSSL patches because OpenSSL moved 1.1.1 to premium support only,
*INCLUDING* security patches, as described on their website ("It will no longer
be receiving publicly available security fixes after that date")
https://www.openssl.org/blog/blog/2023/03/28/1.1.1-EOL/index.html.
Meanwhile, we are being spoonfed FUD/semi-FUD about the Debian provided 2.3
package. "be careful it's broken" is not a warning a good sysadmin takes
lightly.
Meanwhile, if we're lucky, we might get 2.4 this side of Christmas 2024.
Its all a bit of a mess. Its all a bit worrying.
Meanwhile alternatives are few and far between, and I suspect Dovecot knows
that ! The Dovecot community are left between the proverbial rock and a hard
place.
Cyrus is now dependent on the commercial goodwill of FastMail, which brings
thoughts of comparisons with Dovecot and OpenXChange.
Stalwart, whilst extraordinarily promising, needs another year or so of
development to reach v1 and mature the code.
_______________________________________________
dovecot mailing list -- [email protected]
To unsubscribe send an email to [email protected]
