[gentoo-dev] qmail testing again

[gentoo-dev] qmail testing again

[Robin H. Johnson]

[-- Attachment #1: Type: text/plain, Size: 900 bytes --]

Previously I asked for testers for qmail, and I would now like another
round of testing. 

If you tested qmail before, please definetly do upgrade to this latest
version as it fixes a major bug in my other testing version that could
cause major mail delays and a remote possiblity of mail loss.

Sync up to the latest tree, then re-emerge -r12 of qmail (it's currently
hardmasked).

STARTTLS and SMTP AUTH (both directions) should now work, but please
test them. Likewise with the ESMTP SIZE addon, and the other patches
involved.

I've got a few more patches to add in, then write some documentation in
the install files as to how to use the new stuff.

-- 
Robin Hugh Johnson
E-Mail     : robbat2@orbis-terrarum.net
Home Page  : http://www.orbis-terrarum.net/?l=people.robbat2
ICQ#       : 30269588 or 41961639
GnuPG FP   : 11AC BA4F 4778 E3F6 E4ED  F38E B27B 944E 3488 4E85

[-- Attachment #2: Type: application/pgp-signature, Size: 232 bytes --]

Re: [gentoo-dev] qmail testing again

[Petre Rodan]

[-- Attachment #1: Type: text/plain, Size: 2571 bytes --]


I'm sorry to disturb you, but I couldn't help noticing that currently there are 15 patches to qmail, and this number has the tendency to rise with every ebuild.

I feel that DJ Bernstein did a great job creating the world's safest MTA. This is one of the main reasons sysadmins use it. My point is that even if there are reasons for upgrading the product (to add new features and such) the issues with not doing it are considerable and will likely out-weigh them. The commotion generated by smtp-auth patch is an example.

Now please don't get me wrong, I appreciate your work, I simply fell in love with Gentoo but I think that those who would like to emerge qmail should have the choice of selecting the exact features that can make them happy. Simply masking versions doesn't sound to good, maybe some USE switches would ease the way. I'm wondering maybe qmail-1.03-x.ebuild can be made to inherit some patch related switches from a file that is system-specific.

What are your thoughts on this?

Best regards,
Petre Rodan


On Tue, Sep 02, 2003 at 05:32:49PM -0700, Robin H. Johnson wrote:
> Previously I asked for testers for qmail, and I would now like another
> round of testing. 
> 
> If you tested qmail before, please definetly do upgrade to this latest
> version as it fixes a major bug in my other testing version that could
> cause major mail delays and a remote possiblity of mail loss.
> 
> Sync up to the latest tree, then re-emerge -r12 of qmail (it's currently
> hardmasked).
> 
> STARTTLS and SMTP AUTH (both directions) should now work, but please
> test them. Likewise with the ESMTP SIZE addon, and the other patches
> involved.
> 
> I've got a few more patches to add in, then write some documentation in
> the install files as to how to use the new stuff.
> 
> -- 
> Robin Hugh Johnson
> E-Mail     : robbat2@orbis-terrarum.net
> Home Page  : http://www.orbis-terrarum.net/?l=people.robbat2
> ICQ#       : 30269588 or 41961639
> GnuPG FP   : 11AC BA4F 4778 E3F6 E4ED  F38E B27B 944E 3488 4E85



-- 

Petre Rodan
Senior Network Engineer
GeCAD Software - RAV Division

----------------------------------------------------------------------
Tel/Fax: +40-21-321-7803
Hotline:  +40-21-321-7859

This message is confidential. It may also be privileged or otherwise 
protected by work product immunity or other legal rules. 
If you have received it by mistake please let us know by reply and then 
delete it from your system; you should not copy the message or disclose 
its contents to anyone.


[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]

Re: [gentoo-dev] qmail testing again

[Robin H. Johnson]

[-- Attachment #1: Type: text/plain, Size: 2492 bytes --]

On Wed, Sep 03, 2003 at 09:55:36AM +0300, Petre Rodan wrote:
> I'm sorry to disturb you, but I couldn't help noticing that currently
> there are 15 patches to qmail, and this number has the tendency to
> rise with every ebuild.
I expect it to be around 20 when I'm done with the ebuild.

> I feel that DJ Bernstein did a great job creating the world's safest
> MTA. This is one of the main reasons sysadmins use it. My point is
> that even if there are reasons for upgrading the product (to add new
> features and such) the issues with not doing it are considerable and
> will likely out-weigh them. 
DJB himself has mentioned that he uses some of the patches in some
cases, and just for the most part does not have time to contribute to
maintaining qmail anymore.

I have personally considered forking qmail in the past, simply to
go thru a validation of the security of the patches and distribute them
officially integrated. I simply do not have enough time to attempt this
until I am finished university, unless somebody is willing to sponsor me
to do it as some part-time work (I presently work part time at the
university to cover some of my tuition).

> The commotion generated by smtp-auth patch is an example.
SMTP AUTH (both directions) and STARTTLS both require more setup than
just emerging the package. If you don't set them up, then qmail behaves
in a functionally identical way to how it did before.

The security hole (bugtraq id 8196) is caused solely by
misconfiguration. I've put code into place (not yet committed to CVS) in
the startup scripts for qmail-smtpd that will detect the possible
misconfiguration and error out.

> Now please don't get me wrong, I appreciate your work, I simply fell
> in love with Gentoo but I think that those who would like to emerge
> qmail should have the choice of selecting the exact features that can
> make them happy. Simply masking versions doesn't sound to good, maybe
> some USE switches would ease the way. I'm wondering maybe
> qmail-1.03-x.ebuild can be made to inherit some patch related switches
> from a file that is system-specific.
I will definetly look at an optional flag to disable the majority of the
patches that could have security issues anyway.

-- 
Robin Hugh Johnson
E-Mail     : robbat2@orbis-terrarum.net
Home Page  : http://www.orbis-terrarum.net/?l=people.robbat2
ICQ#       : 30269588 or 41961639
GnuPG FP   : 11AC BA4F 4778 E3F6 E4ED  F38E B27B 944E 3488 4E85

[-- Attachment #2: Type: application/pgp-signature, Size: 232 bytes --]

Re: [gentoo-dev] qmail testing again

[Mike Frysinger]

[-- Attachment #1: signed data --]
[-- Type: text/plain, Size: 418 bytes --]

On Tuesday 02 September 2003 20:32, Robin H. Johnson wrote:
> Previously I asked for testers for qmail, and I would now like another
> round of testing.

works nicely here ... i'm only using it for some basic services though ... 
smtp/send/pop3 ...

on a semi-side note, ive add head -1 patches for some of the packages cr.yp.to 
produces ... ucspi-tcp, checkpasswd, dot-forward, maybe some others ...
-mike

[-- Attachment #2: signature --]
[-- Type: application/pgp-signature, Size: 827 bytes --]