please remove the procmail port

Tue, 18 Nov 2014 12:45:50 -0800 

Executive summary: delete the procmail port; the code is not safe and 
should not be used as a basis for any further work.


As people may know, I was the upstream maintainer of procmail back in the 
late 1990's though 2001.

Recent fuzzing efforts have found several bugs in procmail.  I was 
contacted by the Debian port maintainer.  Below you'll find my reply.

When a change in your own priorities happens over a long enough period of 
time, it can be hard to recognize when something you loved no longer 
matches your design priorities.  These recent reports finally made me 
recognize that and think about what could usefully be done with the 
procmail source.  It's time to retire it.


Philip


---------- Forwarded message ----------
Date: Tue, 18 Nov 2014 02:57:54 -0800
From: Philip Guenther <pguent...@proofpoint.com>
To: Santiago Vila <sanv...@unex.es>
Cc: Philip Guenther <guent...@sendmail.com>,
    Stephen R. van den Berg <s...@cuci.nl>, Jakub Wilk <jw...@debian.org>
Subject: Re: Bug#769938: procmail: NULL pointer dereference (fwd)

On Tue, 18 Nov 2014, Santiago Vila wrote:
> I received this report from the Debian bug system.
> 
> Since I don't usually receive replies for the bug reports I send to
> this address, I'm going to Cc the author and the maintainer as well.
> 
> I don't intend to do this for every bug, but this is a segmentation fault.
> In case I didn't say it before: procmail needs an upstream maintainer!

Hi, this is Philip Guenther.  Please remove me from the list of procmail 
maintainers: I haven't had write access to the procmail source repository 
for at least 13 years and no longer use it.


Unfortunately, I don't see procmail as a good base for mail filtering now.  
IMO, procmail brought two things to the table at the time: a more 
powerful--though obtuse--filtering language, and a better systems base for 
accepting and delivering messages.  The language is a poor match for the 
complexity of modern systems with lots of MIME traffic, while the base 
is--IMHO--too complex, too clever, and written in a style that doesn't 
attract new maintainers.  What were strengths in the past are no longer 
valuable and have become liabilities for a program exposed to general 
Internet email.

I learned much from procmail and it filtered a lot of email for me and the 
places I worked at, but the world has changed and I moved on years ago.  
I recommend others do so as well.


Philip Guenther
<guent...@sendmail.com>

Reply via email to