This will surprise some of your readers, but my primary interest is not with computer security. I am primarily interested in writing software that works as intended.
Qmail out of the box works fine, so people will want to use it regardless of licensing restrictions, even when the software does not ship with their system software.
In a previous life I wrote the software that controlled my physics experiments. That software had to deal with all kinds of possible failures in equipment. That is probably where I learned to rely on multiple safety nets inside and around my systems.
Coming back to the topic of computer security, the TCP Wrapper is an example of such a safety net. I wrote it when my systems were under attack by someone who appeared to walk through walls.
At the time the Sendmail program had a very poor reputation with respect to security, with four root vulnerabilities per year for two successive years.
However, writing software without defects is not sufficient. In my experience, it is at least as difficult to write software that is safe - that is, software that behaves reasonably under adverse conditions.
I was going to visit IBM for six months as a visiting scientist. Now, six months is a lot of time, so I came with a whole list of projects that I might want to work on.
I want to avoid locking people into solutions that work only with Postfix. People should have a choice in what software they want to use with Postfix, be it anti-virus or otherwise.
I don't expect an overnight change of all desktops to what the US Military used to call B3 level security. And even that would not stop users from shooting themselves into the foot.
