The challenge with Postfix, or with any piece of software, is to update software without introducing problems.

In a previous life I wrote the software that controlled my physics experiments. That software had to deal with all kinds of possible failures in equipment. That is probably where I learned to rely on multiple safety nets inside and around my systems.

Defect-free software does not exist.

Postfix keeps running even if one Postfix process dies; Windows requires that someone restarts the service.

Most of the effort in the software business goes into the maintenance of code that already exists.

When I write software, I know that it will fail, either due to my own mistake, or due to some other cause.

This will surprise some of your readers, but my primary interest is not with computer security. I am primarily interested in writing software that works as intended.