[Mailman-Users] a few questions about the NNTP gateway

Barry Finkel b19141 at britaine.ctd.anl.gov
Tue Aug 7 15:53:34 CEST 2007

Brad Knowles wrote in reply to a posting:

>And I'm not at all convinced that "security problems are not a 
>problem, with Debian" or any other OS, for that matter.  Especially 
>not with an old binary package that is based on old code that is 
>known to have security flaws.

When I was comparing the sources for Ubuntu/Debian Mailman 2.1.5
against the SourceForge 2.1.9 source, I had to check the three
security patches in 2.1.9.  Two of the patches matched; one was
completely different (different code in a different module).
I do not have enough knowledge of the internals of Mailman to be
able to determine if this third patch resolved the security
problem.  I ended up building my own Ubuntu package from the 2.1.9
SourceForge source, in the process eliminating almost all of the
Debian/Ubuntu patches.  The patches were, for the most part,
undocumented, so I had no idea exactly what they did.  Nor did I know
if they would fit into the 2.1.9 source, as some of the patches were
based on pre-2.1.5 code.
Barry S. Finkel
Computing and Information Systems Division
Argonne National Laboratory          Phone:    +1 (630) 252-7277
9700 South Cass Avenue               Facsimile:+1 (630) 252-4601
Building 222, Room D209              Internet: BSFinkel at anl.gov
Argonne, IL   60439-4828             IBMMAIL:  I1004994

More information about the Mailman-Users mailing list