[linux-elitists] Mailman Must Die
Aaron Sherman
ajs@ajs.com
Fri Oct 26 08:30:46 PDT 2007
Marc MERLIN wrote:
> you end up being a DJB that people snicker at with "that guy thinks he's so
> bright that he had to write his own libc" (instead of fixing/wrapping the
> few problematic pieces of them, and in the case of reasonable maintainers,
> contributing the code back).
>
To be fair, I don't like some things about DJB's approach, but he's
right on one level that's worth noting: it's impossible (or at least no
less difficult than a rewrite) to patch around the fact that a system is
too large and unwieldy to ever be reliably security audited. His
tendency to then use that as a launching pad for fanatically
incompatible redesigns of his quasi-open-source software is another
issue, but on this one point, he has nailed the primary valid reason to
re-implement rather than modify/fork.

That being said, the concern with Mailman wasn't that it's large and
security-flaw riddled, it was that a few features were implemented
poorly or at least not to taste, and that's exactly the wrong reason for
a rewrite. It always *seems* like less work to re-write, because you can
write something that does 80% of the job in a few days or less. But,
then there's that 20%... and therein lies the rub.

Worse, this tendency also typically precludes discovering that others
have already been there, or are working on the same issue:
http://mail.python.org/pipermail/mailman-users/2007-February/055797.html