Why does dovecot require mysql?
Matthew Miller
mattdm at mattdm.org
Mon Jan 17 06:49:36 UTC 2005
On Sun, Jan 16, 2005 at 05:24:10PM -1000, Warren Togami wrote:
> >and IMHO a security risk. It will make security audits more difficult
> >since unused packages are included and adds just that much more code
> >that could have an exploit in it.
> You are overstating the security risk of a single library package that
> is unused.
Still, this isn't a good direction to go. There *could* be security problems
in any code, and not having what you don't need is the 100% sure way to
avoid them. This needs to be split up more. And, it'd be nice to avoid
updates which suddenly pull in new dependencies unless it's strictly
necessary.
--
Matthew Miller mattdm at mattdm.org <http://www.mattdm.org/>
Boston University Linux ------> <http://linux.bu.edu/>
More information about the users
mailing list