|
Home > Archive > Debian Developers > July 2004 > Bug#261093: ITP: libspf -- official ANSI C sender policy framework (SPF) library
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Bug#261093: ITP: libspf -- official ANSI C sender policy framework (SPF) library
|
|
| martin f krafft 2004-07-23, 5:53 pm |
| Package: wnpp
Severity: wishlist
* Package name : libspf
Version : 1.0.0 rc4
Upstream Author : James Couzens <jcouzens@6o4.ca>
* URL : http://www.libspf.org
* License : see below
Description : official ANSI C sender policy framework (SPF) library
libSPF is an ANSI[0] C implementation of the SPF[1] ("Sender Policy
Framework"). libSPF's focus is to be as small and as portable as
possible and to provide a working example of how SPF would ideally be
implemented for authors of MTA's and implementors of RFC's 2821 and 2822.
libSPF currently only implements[2] explicitly what is set out in the SPF
Internet Draft as it was sent off to the I-D archive (
http://archives.listbox.com/spf-dis...00405/0128.html) of
which copy can be found at the libSPF website:
http://libspf.org/files/spf-draft-200405.txt
[0] to support the method of debugging employed in libSPF the library looses
its C/89 compliance to take advantage of Variadic Arguments (__VA_VARARGS__)
which are taken from the ISO C/99 C standard. Any stable branch of libSPF will
loose the debugging code and reclaim C/89 compliance.
[1] SPF is formerly known as Sender Policy Framework.
[2] The development branch of libSPF contains feature enhancements not
identified in the RFC of which most notably is the AVL-Tree DNS caching layer
which will be back ported into the 1.0-STABLE tree when it arrives at the
STABLE status.
Technical tidbits about the underlying implementation are that libSPF
employs an "on the fly" parse method where records are evaluated in a
byte by byte manner allowing the parser to return results at the first
sign of success or failure for much of the SPF Query language. This
parsing method affords a speed advantage over all other implementations
which perform an unnecessary validation of the entire query before
moving on to data evaluation. Great care has been taken to use unsigned
integers whenever possible, and to employ only safe string handling
functions (eg: snprintf over sprintf). Further care has been spent
allocating memory only to the very byte that is necessary and employing
dynamic allocation where appropriate. Several memory leak detection
implementations most notably Valgrind have been employed since the
beginning to ensure that memory is not leaked, and every single byte of
allocated memory is explicitly freed irregardless of the natural cleanup
of a modern kernel. This attention to detail has led to an efficient
and secure library with which it is hoped will lend confidence to those
who intend to implement it.
At the time of this writing libSPF ships with patches for Qmail,
Sendmail and Courier, and includes an API example entitled "SPF Query"
which doubles as an SPF validation test tool found within the source
tree. I encourage anyone who can to contribute by submitting patches
for the any and all MTA's or related software. Lastly the LICENSE that
libSPF is released under is a derivative of the Apache license aptly
named "the libSPF license", intentionally authored to encourage FREE
commercial use without worry, something that unfortunately the GPL and
LGPL do not afford.
/*
* License:
*
* The libspf Software License, Version 1.0
*
* Copyright (c) 2004 James Couzens & Sean Comeau All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE AUTHORS MAKING USE OF THIS LICENSE
* OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
-- System Information:
Debian Release: testing/unstable
APT prefers testing
APT policy: (600, 'testing'), (98, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.7-1-k7-smp
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8
--
Please do not CC me when replying to lists; I read them!
.''`. martin f. krafft <madduck@debian.org>
: :' : proud Debian developer, admin, and user
`. `'`
`- Debian - when you have better things to do than fixing a system
Invalid/expired PGP subkeys? Use subkeys.pgp.net as keyserver!
| |
| Eric Dorland 2004-07-23, 5:53 pm |
| Hmmm, I've already packaged libspf2 which is of course confusingly
similar. I'm not really in strong contact with upstream, but is there
a reason for these two separate libs?
* martin f krafft (madduck@debian.org) wrote:
> Package: wnpp
> Severity: wishlist
>
> * Package name : libspf
> Version : 1.0.0 rc4
> Upstream Author : James Couzens <jcouzens@6o4.ca>
> * URL : http://www.libspf.org
> * License : see below
> Description : official ANSI C sender policy framework (SPF) library
>
> libSPF is an ANSI[0] C implementation of the SPF[1] ("Sender Policy
> Framework"). libSPF's focus is to be as small and as portable as
> possible and to provide a working example of how SPF would ideally be
> implemented for authors of MTA's and implementors of RFC's 2821 and 2822.
> libSPF currently only implements[2] explicitly what is set out in the SPF
> Internet Draft as it was sent off to the I-D archive (
> http://archives.listbox.com/spf-dis...00405/0128.html) of
> which copy can be found at the libSPF website:
> http://libspf.org/files/spf-draft-200405.txt
--
Eric Dorland <eric.dorland@mail.mcgill.ca>
ICQ: #61138586, Jabber: hooty@jabber.com
1024D/16D970C6 097C 4861 9934 27A0 8E1C 2B0A 61E9 8ECF 16D9 70C6
-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GCS d- s++: a-- C+++ UL+++ P++ L++ E++ W++ N+ o K- w+
O? M++ V-- PS+ PE Y+ PGP++ t++ 5++ X+ R tv++ b+++ DI+ D+
G e h! r- y+
------END GEEK CODE BLOCK------
--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
| |
| martin f krafft 2004-07-24, 2:48 am |
| also sprach Eric Dorland <eric@debian.org> [2004.07.23.2003 +0200]:
> Hmmm, I've already packaged libspf2 which is of course confusingly
> similar. I'm not really in strong contact with upstream, but is
> there a reason for these two separate libs?
Well, apparently libspf is the established standard, and i would not
mind helping it stay so by putting it into the archive. libspf2 was
created purposely to go against libspf. apparently.
http://moscow.6o4.ca/shevek.html
i am not going to get involved in this. I don't see why we should
not simply provide both.
--
Please do not CC me when replying to lists; I read them!
.''`. martin f. krafft <madduck@debian.org>
: :' : proud Debian developer, admin, and user
`. `'`
`- Debian - when you have better things to do than fixing a system
Invalid/expired PGP subkeys? Use subkeys.pgp.net as keyserver!
| |
| Colin Watson 2004-07-28, 6:23 pm |
| On Sat, Jul 24, 2004 at 09:50:33AM +0200, martin f krafft wrote:
> also sprach Eric Dorland <eric@debian.org> [2004.07.23.2003 +0200]:
>
> Well, apparently libspf is the established standard, and i would not
> mind helping it stay so by putting it into the archive. libspf2 was
> created purposely to go against libspf. apparently.
>
> http://moscow.6o4.ca/shevek.html
I have to say, that page entirely convinces me that its author is a
kook, and that I should stay well away from any code written by the
person railing against Shevek.
--
Colin Watson [cjwatson@flatline.org.uk]
--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
| |
| Henrique de Moraes Holschuh 2004-07-28, 6:23 pm |
| On Sat, 24 Jul 2004, Colin Watson wrote:
> On Sat, Jul 24, 2004 at 09:50:33AM +0200, martin f krafft wrote:
>
> I have to say, that page entirely convinces me that its author is a
> kook, and that I should stay well away from any code written by the
> person railing against Shevek.
And also, from anything written by Shevek. It is quite obvious why he names
his stuff "Official * library". The very idea of "Official" here is the
problem... one that got me thinking as soon as I heard about libspf
yesterday. Had he named it "reference" library, I wouldn't have thought
twice about the issue.
We need a third contender, these two look like they have the wrong profile
to take care of anything that gets close to a mission-critical MTA.
I would, however, strongly suggest that we drop the "official" crap from
libspf's descriptions. Let it contend against all other libs (and I sure
hope we get a third one that is actually worth considering) in equal
footing.
--
"One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the Land of Redmond
where the shadows lie." -- The Silicon Valley Tarot
Henrique Holschuh
--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
| |
| martin f krafft 2004-07-28, 6:23 pm |
| also sprach Henrique de Moraes Holschuh <hmh@debian.org> [2004.07.24.1420 +0200]:
> And also, from anything written by Shevek. It is quite obvious
> why he names his stuff "Official * library".
you are mixing the two up. shevek is libspf2. libspf is the
"official" one.
--
Please do not CC me when replying to lists; I read them!
.''`. martin f. krafft <madduck@debian.org>
: :' : proud Debian developer, admin, and user
`. `'`
`- Debian - when you have better things to do than fixing a system
Invalid/expired PGP subkeys? Use subkeys.pgp.net as keyserver!
| |
| martin f krafft 2004-07-28, 6:23 pm |
| retitle 261093 RFP: libspf -- sender policy framework (SPF) library
retitle 261189 RFP: libsrs -- sender rewriting scheme (SRS) library
thanks
also sprach Colin Watson <cjwatson@debian.org> [2004.07.24.1321 +0200]:
> I have to say, that page entirely convinces me that its author is
> a kook, and that I should stay well away from any code written by
> the person railing against Shevek.
well, i am in conversation with him and not entirely convinced that
i do actually want to package libspf/libsrs. while i think
that the library should definitely be in debian just to give out
users a choice, i am afraid that maintaining it will expose me to
more of the politics than i am willing to handle.
also, i don't use either of the libraries myself, so i cannot make
a technical statement. if libspf2 is really more advanced, then by
all means, libspf's use should not be fostered, even though that's
a harsh call for its author. but i feel that only someone who's
tried them both can make a statement here.
until that statement is made, i will leave the two ITPs as RFPs. if
i choose to package them in the end, i will definitely drop
"official" from the descriptions. if someone else packages them,
i urge her/him to do the same.
cheers,
--
Please do not CC me when replying to lists; I read them!
.''`. martin f. krafft <madduck@debian.org>
: :' : proud Debian developer, admin, and user
`. `'`
`- Debian - when you have better things to do than fixing a system
Invalid/expired PGP subkeys? Use subkeys.pgp.net as keyserver!
| |
| Henrique de Moraes Holschuh 2004-07-28, 6:23 pm |
| On Sat, 24 Jul 2004, martin f krafft wrote:
> also sprach Henrique de Moraes Holschuh <hmh@debian.org> [2004.07.24.1420 +0200]:
>
> you are mixing the two up. shevek is libspf2. libspf is the
> "official" one.
I see. Who's behind the 6o4.ca page? The maintainer of libspf "official",
or someone else? I want to make sure I am not mixing anything else up...
I still think that "official" has to go from the package descriptions.
--
"One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the Land of Redmond
where the shadows lie." -- The Silicon Valley Tarot
Henrique Holschuh
--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
| |
| martin f krafft 2004-07-28, 6:23 pm |
| also sprach Henrique de Moraes Holschuh <hmh@debian.org> [2004.07.24.1949 +0200]:
> I see. Who's behind the 6o4.ca page? The maintainer of libspf
> "official", or someone else? I want to make sure I am not mixing
> anything else up...
the libspf author.
> I still think that "official" has to go from the package descriptions.
he changed it from "official" to "original"
--
Please do not CC me when replying to lists; I read them!
.''`. martin f. krafft <madduck@debian.org>
: :' : proud Debian developer, admin, and user
`. `'`
`- Debian - when you have better things to do than fixing a system
Invalid/expired PGP subkeys? Use subkeys.pgp.net as keyserver!
| |
| Eric Dorland 2004-07-28, 6:23 pm |
| * martin f krafft (madduck@debian.org) wrote:
> also sprach Eric Dorland <eric@debian.org> [2004.07.23.2003 +0200]:
>
> Well, apparently libspf is the established standard, and i would not
> mind helping it stay so by putting it into the archive. libspf2 was
> created purposely to go against libspf. apparently.
>
> http://moscow.6o4.ca/shevek.html
>
> i am not going to get involved in this. I don't see why we should
> not simply provide both.
Hmmm, unfortunately I was away for the weekend and he seems to have
taken the page down 
--
Eric Dorland <eric.dorland@mail.mcgill.ca>
ICQ: #61138586, Jabber: hooty@jabber.com
1024D/16D970C6 097C 4861 9934 27A0 8E1C 2B0A 61E9 8ECF 16D9 70C6
-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GCS d- s++: a-- C+++ UL+++ P++ L++ E++ W++ N+ o K- w+
O? M++ V-- PS+ PE Y+ PGP++ t++ 5++ X+ R tv++ b+++ DI+ D+
G e h! r- y+
------END GEEK CODE BLOCK------
| |
| martin f krafft 2004-07-28, 6:23 pm |
| also sprach Eric Dorland <eric@debian.org> [2004.07.26.0618 +0200]:
> Hmmm, unfortunately I was away for the weekend and he seems to have
> taken the page down
He is realising that the polemic nature of the page did more bad
than good.
--
Please do not CC me when replying to lists; I read them!
.''`. martin f. krafft <madduck@debian.org>
: :' : proud Debian developer, admin, and user
`. `'`
`- Debian - when you have better things to do than fixing a system
Invalid/expired PGP subkeys? Use subkeys.pgp.net as keyserver!
|
|
|
|
|