ietf-mxcomp

Re: Why not XML

2004-06-23 02:49:47

"wayne":
* The XML parsers are often very big, compared with the MTAs.  When
  you double the amount of code, as in the case of qmail and libxml,
  you more than double the chances of a security hole or allow for
  some sort of abusive XML document.

Well, clearly, only an XML parsing application is vulnerable to an abusive
XML document (whatever that is). That said, claiming that linking with an
XML parsing library will "more than double" the chance of a security hole
seems a little wild. I'd be very surprised if XML MARID documents exercised
every single line of code in your XML library, so the absolute size of the
library isn't necessarily significant, is it?

If this kind of security is such a concern for you, the risk is easily
mitigated by sensible application design (e.g. don't link it in, have a
helper app). I don't see how it can be a show-stopper for XML, for us here.
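
The "helper app" mitigation mentioned in the message above, shown as an added example that is not part of the original post or of any MTA's code: the XML parser runs in a separate, CPU-limited process, and the caller accepts only a small, shape-checked result. A POSIX system is assumed; the element names, limits and the function name `parse_untrusted` are hypothetical, and the sample document is constructed.

```python
import json
import subprocess
import sys

MAX_BYTES = 64 * 1024   # assumed cap on policy document size
MAX_HOSTS = 32          # assumed cap on entries the caller will accept

# Helper program: the only code that ever touches the XML parser. A parser
# bug or runaway document is confined to this short-lived process.
HELPER = r"""
import json, resource, sys
import xml.etree.ElementTree as ET
soft, hard = resource.getrlimit(resource.RLIMIT_CPU)
resource.setrlimit(resource.RLIMIT_CPU, (2, hard))   # 2 CPU-seconds, then killed
try:
    root = ET.fromstring(sys.stdin.buffer.read())
except ET.ParseError:
    sys.exit(2)
json.dump([e.text or "" for e in root.iter("host")], sys.stdout)
"""

def parse_untrusted(xml_bytes, timeout=5):
    """Return the list of <host> values, or None if the input is rejected."""
    if len(xml_bytes) > MAX_BYTES:
        return None                       # refuse before spawning anything
    try:
        proc = subprocess.run([sys.executable, "-I", "-c", HELPER],
                              input=xml_bytes, capture_output=True,
                              timeout=timeout)
    except subprocess.TimeoutExpired:
        return None                       # wall-clock limit hit, child killed
    if proc.returncode != 0:
        return None                       # parse error, crash or CPU limit
    try:
        hosts = json.loads(proc.stdout)
    except ValueError:
        return None
    # The helper's output is untrusted as well: check its shape before use.
    if not isinstance(hosts, list) or len(hosts) > MAX_HOSTS:
        return None
    if not all(isinstance(h, str) and 0 < len(h) <= 255 for h in hosts):
        return None
    return hosts

# Constructed sample input, not a real MARID record.
SAMPLE = b"<policy><host>mx1.example.org</host><host>mx2.example.org</host></policy>"

if __name__ == "__main__":
    print(parse_untrusted(SAMPLE))
```

A real deployment would also run the helper under a separate unprivileged user, which this example does not do.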