You list two ways of "securing" PGP, the first being to write the secure key to a semi-random location and the second being to make it not readable to a normal user and have a suid binary. Leaving aside the obvious complaints about suid binaries for things that shouldn't be suid, neither of these helps at all. They just mean that in order to get the key the trojan needs to run the PGP binary (with the suid solution it might be able to find a hole and get other people's too). Big deal.
I would have to say that the solution to the problem is to follow the user's guide to PGP (you know, that big text document that came in the distribution that said "Never store your secret key on the same system as PGP.") If you secure your key with a large, near random, passphrase; store it on non-writable, unmounted media in a secure location (where secure and attached to a computer are mutually exclusive (more so for a computer on a network)); and then still don't trust the security of the encryption (it's only 128 bits, if you want real security ship a CD with a one-time pad to the remote location via secured carrier) I don't think you would be that vulnerable.
You're not paranoid if they're really out to get you.
I've never actually used sendmail, but I've looked at the config files, and they look nasty. sendmail also is a big suid root, sgid bin binary which scares me to death.
qmail is easier to configure, a whole lot more secure (from a design standpoint, I neither know nor care how many holes are actually left in sendmail), and allows users to admin their own lists (which is quite useful). It, however, is not a sendmail replacement. It doesn't use .forward (which all of your users probably use), it doesn't use /var/spool/mail (or the incorrect /usr/mail, /var/mail or /var/spool/mail) but instead insists on putting mail in the user's home directory. It also lacks some of the more obscure features of sendmail (such as mail to news gateways). I would say that qmail is just fine if you're the only user of your system or if you have all very educated users. qmail's license prohibits redistribution differing from the original package unless said distribution is approved by the DJB (the author).
Postfix (www.postfix.org) is a new mailer by Wietse Venema, co-author of SATAN and author of TCP Wrappers, and it's very cool. It was designed from the ground up to be secure. It has an extremely easy to use configuration syntax, allows for mail to be placed either under the user's name in a specified directory (/var/spool/mail) or under a specified name in the user's directory, and allows for mbox or maildir formatted mailboxes (most people use mbox, but maildir has better integrity). It also is extremely flexible and can (I believe) do everything that sendmail can at this point. It also allows for users to maintain their own lists. Basically the only reason I would suggest you choose something other than postfix is that postfix is currently in Beta and still under development. (Note that I'm not saying it's not stable. I've been running it and it appears quite stable and secure to me, but it is beta software.) postfix is licensed by IBM and the license is sort of odd: it tries to guarantee that the source will be available but makes it very clear that all changes are to be available.
In summary:
If you absolutely demand truly open software, use sendmail. Though the other two licenses aren't awful, they leave much to be desired.
If you're running a large server and demand high security (i.e. Hotmail, pobox, Yahoo), do a lot of research and write your own so that it's optimized to your system.
If you have a bunch of lusers, you don't demand much security, and don't have time to keep up with updates to a beta daemon, go with sendmail.
If you are the only user on your system, or it's just you and your Linux hacker buddies and you don't want to bother with keeping up with updates to beta software, go with qmail.
If you want a really cool MTA and don't mind tracking updates (about one a month), go with postfix.
The only WM I know that has monikers is AfterStep. If anyone knows of another one then please tell me because I consider that one feature to be enough to decide which WM to use, so I won't even consider a different one if it doesn't have monikers on the background menu.
Sure he can change his mind anytime he wants. But changing one's mind when one has said something like (to quote Berst) "I think it's great if you are willing to promote Linux to your boss. As long as you are aware of the risk you are taking. The risk of getting fired," or "My belief: Linux will never go mainstream" is generally denoted by writing articles with an overall tone similar to "I'm sorry about trashing Linux, I was wrong and I admit it," rather than (again, to quote Berst) "Now I've always said that Linux could be a serious challenger to Windows NT."
Berst is so full of crap it's seeping out his ears.
It's pedant. not pedent