Sad Clouds via Postfix-users:
> On Mon, 13 Apr 2026 16:20:48 -0400 (EDT)
> Wietse Venema via Postfix-users <[email protected]> wrote:
>
> > On my request, Viktor scanned Postfix source with Anthropic's Claude
> > Opus 4.6.
>
> There is a good paper on how programming languages like Ada help to
> avoid large number of software defects associated with C/C++:
>
> https://www.adacore.com/uploads/books/SafeSecureAdav2015-covered.pdf
Problems that Postfix does not appear to have. I'd like to remind
you that not every software problem is caused by memory corruption.
Examples: a security regression when the find command was
re-implemented in Rust; data-dependent web bugs (XSS, CSRF, etc).
With Postfix there could be policy implementation errors resulting
in unauthorized relaying; 'special' characters in SMTP commands,
DNS responses, or message content, that wreak havoc when used in
some other context; file system race conditions that result in
privilege escalation; or other mistakes in privilege handling such
as confused deputy.
Wietse
_______________________________________________
Postfix-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
