Subject: Re: Microsoft: Closed source is more secure
From: Brian Behlendorf <brian@collab.net>
Date: Thu, 3 May 2001 07:53:49 -0700 (PDT)

On Thu, 3 May 2001, Lynn Winebarger wrote:
> Qmail lacks a features that are necessary for running an effective and
> secure mail exchange/relay operation "out of the box".  By secure, I
> particularly mean supporting authorization and starttls.

There are third-party patches for both of these things available from
qmail.org.  Yes, applying third-party patches can be a pain.  I've thought
about starting a "qmail-unoff" project that would be an unofficial set of
patches to qmail, distributed as a set, with QA and integration and all
that.  Then, someone takes the official qmail and applies a megapatch and
gets a set of useful features, nicely integrated.  This is cumbersome, but
doable, and even with a tool like CVS not unreasonable at all (releases
are a matter of taking a diff from the original import).  Yes, it does
mean a rework with a new Qmail release since DJB doesn't have a public CVS
tree, but that happens like once a year so it wouldn't be too bad.

At the very least, qmail is compilable from its non-open open source code.
My prediction would be that if MS were to release source code, it would
not be practically compilable, be poorly documented, and so voluminous in
size as to be unusable for anything other than... PR.  This would also
prevent the possibility of patches floating around to fix bugs, as patches
are meaningless if you can't compile it.

	Brian