kmail

[Dave Feustel]

On Monday 07 February 2005 07:39 pm, Ingo Klöcker wrote:
> On Tuesday 08 February 2005 00:17, Dave Feustel wrote:
> > When was the last time, if ever, that kmail
> > source code was subjected to a security audit?
> 
> Since KMail is Free Software and thus its source code is freely 
> available we can't answer this question. The only thing I can say is 
> that I'm not aware of any KDE developer every performing a security 
> audit of KMail (apart from some potentially dangerous usage of some 
> dangerous libc functions which was fixed just before KDE 3.1 (?) in all 
> of KDE).
> 
> Is there any particular reason why you ask? Or is it just general 
> curiosity?

I have been using Kmail heavily for almost 3 years now. I am quite happy 
with the way it normally works. Various problems with the most recent 
version of kmail have surfaced recently (a couple of months after installation)
which have made me wonder whether kmail could have been trojaned.
These problems are becoming numerous enough that I am seriously
considering switching to a text-mode pop mail client. This may seem
paranoid, but I am politically active on the internet and I have had very
serious problems with hacking in the past when I was running NT/Win2000/XPPro. 
I have had almost no trouble since I switched to OpenBSD. Problems that have 
occurred since the switch now occur with kmail. There used to be some 
problems with Konqueror, but not any longer as far as I can tell.

> If you discover some security problems then please notify 
> security at kde.org.

At the moment I only have suspicions, no proof.
 
> Regards,
> Ingo
>