On Wed, 25 Jun 2008 22:53:04 +0200 mouss <[hidden email]> wrote:
>Scott Kitterman wrote:
>>> open a bug to annoy your distro packager. these guys took a decision
>>> they must support its consequences. they can't break a working system
>>> and ask their users to complain to $upstream.
>> Actually we don't. I don't know if you've noticed, but I somewhat
>> regularly point Ubuntu Server users to distro specific mailing lists and
>sorry, I missed that. Now I know :)
I think people, in general, are too quick to go upstream and not use
documentation and support provided by the distribution. I don't know how
to solve that problem.
>> Postfix in chroot with SASL working is documented in the
>> Ubuntu server guide.
>> Ubuntu gets its Postfix package from Debian where it has been chrooted
>> default since approximately forever. I think that by now we can just
>> to disagree. It'll take me about 10 seconds to mark the bug won't fix,
>> the annoyance factor is low.
>I think that if ubuntu cancels this choice, it may help convincing
>debian to do the same.
>BTW Is there any chance to get debian to use postfix as the default MTA?
The primary postfix maintainer for Debian/Ubuntu is the same person, so I
don't think it would help much. At this point I think if the default were
changed it would, rightly, be considered a security regression.
I would rather focus on making stuff just work on doing better at providing
integrated functionality that works out of the box. Debian packaging (I
think RPM is similar, but I don't have much experience with it) is good at
providing packages installed with a sane set of defaults. It is not so
easy to provide a set of packages with an integrated configuration.
Rather than pushing the defaults to the lowest common denominator, I'd
rather work on making the integration more admin friendly.
In case you didn't know, Postfix is the primary MTA for Ubuntu (I don't say
default since a basic Ubuntu Server install has no open ports and no MTA).
I doubt Debian will change default MTA before Lenny is released (planned
for later this year). It was recently discussed. My sense is that Postfix
is roughly as popular as Exim.
>> If you don't care to support this distro specific change, instead of
>> like the above, just let it rest or point them at
>> [hidden email]. I try to answer the Ubuntu specific
>> questions that come up here, so there is no need to worry that someone
>> be left without assistance (I hadn't quite got to this one yet).
>Please accept my apologies.
Accepted. Not a problem.
>> I don't think Weitse needs a patch if he cared to support chroot by
>> Sometimes distros will come to different decisions than upstream because
>> they have different concerns. That doesn't make the packagers
>> insane. Please let's just agree to disagree on chroot by default and
>> worry about supporting it if you don't care to.
>chroot is nice, but it's not that easy. If the packagers do enough
>efforts to make it easy, I'd applaud. but this takes time and efforts.
>so in the meantime, I "suggest" keeping things as easy as possible. or
>may be providing a script to switch between chrooted and not chrooted
If someone has such a script, I think it would be quite helpful. I could
probably get it added to the Debian/Ubuntu postfix package.
> I don't think Weitse needs a patch if he cared to support chroot by
I think it is inappropriate to chroot Postfix by default. Chroot
makes sense on dedicated firewalls. General-purpose desktops run
web browsers and have a much bigger attack surface than Postfix
will ever have.
On Thursday 26 June 2008 10:27, Wietse Venema wrote:
> Scott Kitterman:
> > I don't think Weitse needs a patch if he cared to support chroot by
> > default.
> That's Wietse.
Sorry about that. My apologies.
> I think it is inappropriate to chroot Postfix by default. Chroot
> makes sense on dedicated firewalls. General-purpose desktops run
> web browsers and have a much bigger attack surface than Postfix
> will ever have.
I don't intend to get in the middle of the argument. From my perspective as a
distro developer (but not the postfix maintainer) it is what it is.
My main point is that part of why I'm here is to support such distro unique
changes so that upstream doesn't get stuck with issues that are not their