Hi,
thanks a lot for creating Mail-in-a-Box. It looks like a promising alternative for my current mailserver setup.
I am concerned about Mail-in-a-Box using packages from Ubuntu universe. The Mail-in-a-Box setup installs a number of packages from Ubuntu’s “universe” repository [1]. According to Ubuntu, the packages from universe are not officially supported and may not receive security updates [2]. In my experience, even if a patch is available from Debian, Ubuntu wants additional testing to be performed by volunteers before applying Debian security updates to Ubuntu universe [3]. Therefore, I am a bit hesitant to use a system which uses a lot of packages from Ubuntu universe. That being said, I am not aware of any unfixed security issues in the universe packages used by Mail-in-a-box. What do you think about this?
Best regards,
Milan
[1] The following command lists packages not from “main” (i.e. universe, multiverse or something else):
for pkg in $(dpkg -l | grep ^ii | awk ‘{print $2}’); do fn="$(apt-cache show $pkg | grep ^Filename | awk ‘{print $2}’)"; echo “$fn” | grep -q /main/ || echo “$pkg”; done
On my Mail-in-a-box installation, 72 universe packages are installed.
[2] Ubuntu documentation: https://help.ubuntu.com/lts/serverguide/configuration.html
[3] https://bugs.launchpad.net/ubuntu/+source/lua-expat/+bug/1382229