6 comments

  • ofjcihen 3 hours ago
    >What follows is, before anything else, a story. One of those old, well-worn ones.

    Gag.

    • AntiUSAbah 43 minutes ago
      No reason to be a dick.

      He writes a full blog post, takes time and effort to do so, and you quit it with 'Gag'.

      Get a grip

      • somat 22 minutes ago
        I suspect the revulsion is that he did not write a full blog post, the time and effort was not consumed, instead there was an engine that did it for him. At which point interest drops significantly.

        I too suffer from lack of interest in machine written posts. But the real sociological problem is because it is hard to tell the difference, disinterest turns into paranoia. And this hurts everyone.

        However in this case, the article in question does not read like machine written, so perhaps the revulsion was just over the hyperbolic tone.

      • ofjcihen 15 minutes ago
        Nah I’m just sick of the melodramatic style of writing that seems to pervade all of the major tech blogs and companies now.

        These people write like they picture themselves as sages describing the end times to scared children.

        • plorg 13 minutes ago
          Yeah, that extremely purple paragraph about how the blog was documenting that liminal period where humans worked together with AI as partners was embarrassing.
        • AntiUSAbah 14 minutes ago
          And? then keep it for yourself. Why do I have to read your ignorant comment?

          You complain about their writing style, no one forced you to read, which you could summarize with an AI if you even cared for the content but no.

          And I read A LOT and I do not come across this writing style at all.

          • ofjcihen 11 minutes ago
            > then keep it for yourself.

            Nah.

  • fulafel 2 hours ago
  • kro 3 hours ago
    It says coordinated distro release today, and I've received a notice earlier today but that does not include the CVE number. That's confusing / does not seem very coordinated to release 2 separate security update notices in a day.

    https://lists.debian.org/debian-security-announce/2026/msg00...

  • stackghost 3 hours ago
    >The bug is a use-after-free triggered when a TLS connection is handled by GnuTLS

    Color me surprised. The GNU ecosystem has had more than its fair share of CVEs over the years to the point that it's now a common trope:

    https://soatok.blog/2020/07/08/gnu-a-heuristic-for-bad-crypt...

  • aftbit 3 hours ago
    Ok now do postfix
    • sys42590 3 hours ago
      Many years ago I used Exim because it was default for my distro of choice back then. But after a few emergency patchings caused by yet another RCE in Exim I learned that switching to Postfix massively improved my sleep quality.
      • tptacek 2 hours ago
        There's a weird folk belief that Exim is a secure 2nd-generation MTA, but it's not; it's a 1st generation MTA, like Sendmail and Smail. The two "secure" 2nd generation MTAs are Postfix and qmail. You shouldn't use those either, really; there is no reason to run a memory-unsafe MTA, or, for that matter, an MTA that isn't backed by a real database.
        • aftbit 3 minutes ago
          I run postfix in a receive-only mode to power inbound email processing. I'm very very glad there's no database requirement. It just passes the processing of inbound emails to a filter over stdin, which can do whatever it wants with databases or whatever it needs.
        • loloquwowndueo 2 hours ago
          Which one would you suggest using?

          I’ve been looking at Stalwart to replace my old exim setup, wondering if it’s a reasonable choice.

          • tptacek 2 hours ago
            If security is your concern, Stalwart seems like a fine option, almost certainly better than Postfix.
    • kees99 3 hours ago
      Nah, go straight for qmail. Give it your best try.
      • rs_rs_rs_rs_rs 3 hours ago
        The usable qmail got owned by AI already, the unusable one not yet!
        • tptacek 3 hours ago
          Not by AI, but by humans a while ago. I think Qualys weaponized a wontfix LP64 integer overflow in it just a couple years ago?
          • rs_rs_rs_rs_rs 2 hours ago
            The Calif people found a nice bug in a qmail fork (what I consider usable qmail) some weeks ago.
            • tptacek 2 hours ago
              Right, and that fork is the only version of qmail people still run, and the bug they found was extremely funny given Bernstein's original qmail design (it was, if I remember right, a popen(3) vulnerability --- something that never would have shown up in Bernstein's code, but that's what happens when code gets abandoned, it gets picked up by people who don't really understand it). But it's hard to charge that vulnerability against the original qmail design.

              (I don't think anyone should run qmail.)
