|
Home > Archive > Debian Developers > August 2004 > SPF - exim4 + debian.org
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
SPF - exim4 + debian.org
|
|
| Jiri Klouda 2004-07-24, 2:48 am |
| Hi,
do you think it would be possible if the debian.org
and lists.debian.org defined the SPF (Sender Policy
Framework) text in the DNS records?
Also, it would be nice if exim4 had an option in the
configuration to include spf checks. I know its very
easy to install it, I did that in 10 minutes, but...
I am a little afrain my work disapears on upgrade.
And one final one. Who had that dumb idea to let
exim4 run under user and group "Debian-exim"
Seriously, why cannot this just be "exim"? Really?
Or at least "deb-exim"? You should know that anything
over 8 characters will mess up all the output of ls
and ps and yadayada...
Please...
Thank you,
-Jiri
PS: You have to fix the /usr/sbin/exim4 executable to
rename that silly group name. Luckily replacing
�Debian-exim� with �exim�Debian� works fine.
--
Jiri Klouda <jk@zg.cz>
http://www.zg.cz/~jk
| |
| Andrew Suffield 2004-07-28, 6:23 pm |
| On Sat, Jul 24, 2004 at 01:25:46AM -0700, Jiri Klouda wrote:
> do you think it would be possible if the debian.org
> and lists.debian.org defined the SPF (Sender Policy
> Framework) text in the DNS records?
Unless it's just a do-nothing record, no. Don't XXXX up my mail.
--
.''`. ** Debian GNU/Linux ** | Andrew Suffield
: :' : http://www.debian.org/ |
`. `' |
`- -><- |
| |
| Petter Reinholdtsen 2004-07-28, 6:23 pm |
| [Jiri Klouda]
> And one final one. Who had that dumb idea to let exim4 run under
> user and group "Debian-exim" Seriously, why cannot this just be
> "exim"? Really? Or at least "deb-exim"? You should know that
> anything over 8 characters will mess up all the output of ls and ps
> and yadayada...
Not only that, but this make that username incompatible with systems
with the POSIX minimum size limit on user names, as given
_POSIX_LOGIN_NAME_MAX. See
<URL:http://www.opengroup.org/onlinepubs...h/limits.h.html>
for the current value (8).
--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
| |
| Josselin Mouette 2004-07-28, 6:23 pm |
| Le sam 24/07/2004 Ã_ 10:25, Jiri Klouda a écrit :
> Hi,
> do you think it would be possible if the debian.org
> and lists.debian.org defined the SPF (Sender Policy
> Framework) text in the DNS records?
No, no and no. SPF is a completely broken idea, and it cannot work *at
all* for domains like debian.org. That would mean listing all the IPs
from which developers can send mail.
> Also, it would be nice if exim4 had an option in the
> configuration to include spf checks. I know its very
> easy to install it, I did that in 10 minutes, but...
> I am a little afrain my work disapears on upgrade.
Why would it disappear upon upgrade? That would be a policy violation.
And again, I strongly disagree with enabling SPF in our default MTA. We
shouldn't even link it with any SPF library, as that would encourage
such bad practice.
--
.''`. Josselin Mouette /\./\
: :' : josselin.mouette@ens-lyon.org
`. `' joss@debian.org
`- Debian GNU/Linux -- The power of freedom
| |
| Andreas Metzler 2004-07-28, 6:23 pm |
| On 2004-07-24 Jiri Klouda <jk@zg.cz> wrote:
[...]
> Also, it would be nice if exim4 had an option in the
> configuration to include spf checks.
[...]
It has, consult the exiscan documentation. It is not enabled in binary
packages we ship (rationale in <http://bugs.debian.org/258210> ) but
you can easily rebuild a exim4-daemon-custom with spf-support.
cu andreas
--
"See, I told you they'd listen to Reason," [SPOILER] Svfurlr fnlf,
fuhggvat qbja gur juveyvat tha.
Neal Stephenson in "Snow Crash"
--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
| |
| Andrew Suffield 2004-07-28, 6:23 pm |
| On Sat, Jul 24, 2004 at 11:06:53AM +0200, Petter Reinholdtsen wrote:
> [Jiri Klouda]
>
> Not only that, but this make that username incompatible with systems
> with the POSIX minimum size limit on user names
Which does not include Debian. Can't see how that's relevant.
--
.''`. ** Debian GNU/Linux ** | Andrew Suffield
: :' : http://www.debian.org/ |
`. `' |
`- -><- |
| |
| Petter Reinholdtsen 2004-07-28, 6:23 pm |
| [Andrew Suffield]
> Which does not include Debian. Can't see how that's relevant.
It is relevant in settings where debian is in an environment with
other operating systems which do have this limitation
(interoperability), and in such environment it is smart to stick to
the features that work on all operating systems for consistency.
Debian is not an island with no interaction with other systems.
--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
| |
| Andrew Suffield 2004-07-28, 6:23 pm |
| On Sat, Jul 24, 2004 at 02:05:35PM +0200, Petter Reinholdtsen wrote:
> [Andrew Suffield]
>
> It is relevant in settings where debian is in an environment with
> other operating systems which do have this limitation
> (interoperability), and in such environment it is smart to stick to
> the features that work on all operating systems for consistency.
This implies that you're using some external system for your
passwd/group/shadow backends and therefore the behaviour of the local
adduser is not very interesting.
--
.''`. ** Debian GNU/Linux ** | Andrew Suffield
: :' : http://www.debian.org/ |
`. `' |
`- -><- |
| |
| Stephen Frost 2004-07-28, 6:23 pm |
| * Josselin Mouette (joss@debian.org) wrote:
> Le sam 24/07/2004 à 10:25, Jiri Klouda a écrit :
>
> No, no and no. SPF is a completely broken idea, and it cannot work *at
> all* for domains like debian.org. That would mean listing all the IPs
> from which developers can send mail.
This isn't entirely accurate. This message is sent from a
non-debian.org domain and wouldn't have any problem w/ SPF, aiui. SPF
checks the envelope From, not the From: line. My envelope From isn't
ever my debian.org address.
> And again, I strongly disagree with enabling SPF in our default MTA. We
> shouldn't even link it with any SPF library, as that would encourage
> such bad practice.
Now that's just silly. mysql is a terrible non-SQL compliant
'database' which barely has ACID. We don't discourage linking against
it for these reasons.
Stephen
| |
| Thiemo Seufer 2004-07-28, 6:23 pm |
| Petter Reinholdtsen wrote:
> [Andrew Suffield]
>
> It is relevant in settings where debian is in an environment with
> other operating systems which do have this limitation
> (interoperability), and in such environment it is smart to stick to
> the features that work on all operating systems for consistency.
Sharing a system specific user with those is surely not desireable.
> Debian is not an island with no interaction with other systems.
Do you see a mechanism which makes the Debian-exim user name relevant
for other systems?
Thiemo
--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
| |
| Wouter Verhelst 2004-07-28, 6:23 pm |
| On Sat, Jul 24, 2004 at 02:48:21PM +0100, Andrew Suffield wrote:
> On Sat, Jul 24, 2004 at 02:05:35PM +0200, Petter Reinholdtsen wrote:
>
> This implies that you're using some external system for your
> passwd/group/shadow backends and therefore the behaviour of the local
> adduser is not very interesting.
Not necessarily. The Debian system could be a NIS master; and the
default setup of the NIS packages in Debian is to use /etc/passwd and
friends.
--
EARTH
smog | bricks
AIR -- mud -- FIRE
soda water | tequila
WATER
-- with thanks to fortune
--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
| |
| Petter Reinholdtsen 2004-07-28, 6:23 pm |
| [Thiemo Seufer]
> Do you see a mechanism which makes the Debian-exim user name
> relevant for other systems?
Yes. For example, people will start beliving that long users names is
a good idea, and fail to understand that it will break on some
systems.
--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
| |
| Josselin Mouette 2004-07-28, 6:23 pm |
| Le sam 24/07/2004 Ã_ 16:12, Wouter Verhelst a écrit :
>
> Not necessarily. The Debian system could be a NIS master; and the
> default setup of the NIS packages in Debian is to use /etc/passwd and
> friends.
And you should not export system users and groups with NIS. The default
setup of the NIS packages is to export only the UID's >=1000.
--
.''`. Josselin Mouette /\./\
: :' : josselin.mouette@ens-lyon.org
`. `' joss@debian.org
`- Debian GNU/Linux -- The power of freedom
| |
| Thiemo Seufer 2004-07-28, 6:23 pm |
| Petter Reinholdtsen wrote:
> [Thiemo Seufer]
>
> Yes. For example, people will start beliving that long users names is
> a good idea, and fail to understand that it will break on some
> systems.
OTOH it could be argued to be an effective hint _not_ ot share system
accounts with other systems. The warning about incompatible usernames
should be done in adduser anyway, as length isn't the only problematic
trait.
Thiemo
--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
| |
| Stephen Frost 2004-07-28, 6:23 pm |
| * Wouter Verhelst (wouter@grep.be) wrote:
> Not necessarily. The Debian system could be a NIS master; and the
> default setup of the NIS packages in Debian is to use /etc/passwd and
> friends.
Not to mention that, sorry, it's just XXXXing ugly to have a username by
'Debian-exim'. It doesn't seem to make a damn but of sense either, has
anyone got any justification for this ugliness?
Stephen
| |
| Philippe Troin 2004-07-28, 6:23 pm |
| Josselin Mouette <joss@debian.org> writes:
> Le sam 24/07/2004 =E0 16:12, Wouter Verhelst a =E9crit :
>=20
>=20
> And you should not export system users and groups with NIS. The default
> setup of the NIS packages is to export only the UID's >=3D1000.
Which makes it really easy to add all those users to the floppy,
cdrom and sound, groups (on top of my head).
Have you ever used the setup you're advocating?
Phil.
| |
| Wouter Verhelst 2004-07-28, 6:23 pm |
| On Sat, Jul 24, 2004 at 01:13:00PM -0400, Stephen Frost wrote:
> * Wouter Verhelst (wouter@grep.be) wrote:
>
> Not to mention that, sorry, it's just XXXXing ugly to have a username by
> 'Debian-exim'. It doesn't seem to make a damn but of sense either, has
> anyone got any justification for this ugliness?
The rationale is "avoid namespace pollution". Which is silly; the
namespace is flat, no matter what. IMHO, anyone using a user name of
"exim" while installing the "exim" package and still expecting things to
work is as silly as someone creating a user name of "root" along the
"normal" root user name and still expecting things to work correctly.
--
EARTH
smog | bricks
AIR -- mud -- FIRE
soda water | tequila
WATER
-- with thanks to fortune
--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
| |
| Jiri Klouda 2004-07-28, 6:23 pm |
| If you use an external spfd using a socket interface
somewhere like /var/run/spfd and put that optionally
into the /etc/init.d/exim4 startup script, there is
no need to recompile. Just put this in rcpt acl:
deny !acl = spf_rcpt_acl
log_message = Something to put in logs
or
warn set acl_m8 = $sender_address
warn !acl = spf_check
message = Received-SPF: $acl_m8 ($acl_m7)
I mean, you can just want and add a header to the
mail so that the user agent will handle these mails
better. No need to deny them out flat.
Regards,
-Jiri
On Sat 24-07-04 12:01:45, Andreas Metzler wrote:
> On 2004-07-24 Jiri Klouda <jk@zg.cz> wrote:
> [...]
> [...]
>
> It has, consult the exiscan documentation. It is not enabled in binary
> packages we ship (rationale in <http://bugs.debian.org/258210> ) but
> you can easily rebuild a exim4-daemon-custom with spf-support.
> cu andreas
> --
> "See, I told you they'd listen to Reason," [SPOILER] Svfurlr fnlf,
> fuhggvat qbja gur juveyvat tha.
> Neal Stephenson in "Snow Crash"
>
>
> --
> To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>
--
Jiri Klouda <jk@zg.cz>
http://www.zg.cz/~jk
| |
| Jiri Klouda 2004-07-28, 6:23 pm |
| On Sat 24-07-04 13:13:00, Stephen Frost wrote:
> * Wouter Verhelst (wouter@grep.be) wrote:
>
> Not to mention that, sorry, it's just XXXXing ugly to have a username by
> 'Debian-exim'. It doesn't seem to make a damn but of sense either, has
> anyone got any justification for this ugliness?
>
> Stephen
That is the point. Nobody can tell me that we are trying to avoid
some namespace polution...
These are my system groups:
root daemon bin sys adm tty disk lp mail news uucp man proxy kmem
dialout fax voice cdrom floppy tape sudo audio dip majordom postgres
www-data backup msql operator list irc src gnats shadow utmp video sasl
staff games qmail crontab ssh scanner telnetd archive gdm fbgetty dictd
clamav lpadmin mysql
.. and ...
Debian-exim
I mean, if the GNU utilities will take in account user/group names
over 8 characters, I am fine with that, but they don't. It breaks
all the output, it broke my scripts (otherwise I might not notice)
and its just ugly.
-Jiri
--
Jiri Klouda <jk@zg.cz>
http://www.zg.cz/~jk
| |
| Marc Haber 2004-07-28, 6:23 pm |
| On Sat, 24 Jul 2004 13:13:00 -0400, Stephen Frost <sfrost@snowman.net>
wrote:
>Not to mention that, sorry, it's just XXXXing ugly to have a username by
>'Debian-exim'. It doesn't seem to make a damn but of sense either, has
>anyone got any justification for this ugliness?
Please look in the numerous bug reports against exim4 complaining
about the Debian-exim user name. This is a Q A so fscking F that there
is a boilerplate reply.
Greetings
Marc
--=20
-------------------------------------- !! No courtesy copies, please !! =
-----
Marc Haber | " Questions are the | Mailadresse im =
Header
Karlsruhe, Germany | Beginning of Wisdom " | Fon: *49 721 966 32=
15
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fax: *49 721 966 31=
29
| |
| Marc Haber 2004-07-28, 6:23 pm |
| On Sat, 24 Jul 2004 16:24:06 +0200, Thiemo Seufer
<ica2_ts@csv.ica.uni-stuttgart.de> wrote:
>The warning about incompatible usernames
>should be done in adduser anyway, as length isn't the only problematic
>trait.
If you want that to be in sarge adduser, file your patch soon.
Greetings
Marc
--=20
-------------------------------------- !! No courtesy copies, please !! =
-----
Marc Haber | " Questions are the | Mailadresse im =
Header
Karlsruhe, Germany | Beginning of Wisdom " | Fon: *49 721 966 32=
15
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fax: *49 721 966 31=
29
| |
| Colin Watson 2004-07-28, 6:23 pm |
| On Sun, Jul 25, 2004 at 06:48:32PM +0200, Marc Haber wrote:
> On Sat, 24 Jul 2004 13:13:00 -0400, Stephen Frost <sfrost@snowman.net>
> wrote:
>
> Please look in the numerous bug reports against exim4 complaining
> about the Debian-exim user name. This is a Q A so fscking F that there
> is a boilerplate reply.
And it still sucks ...
--
Colin Watson [cjwatson@flatline.org.uk]
--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
| |
| Simon Huggins 2004-07-28, 6:23 pm |
| On Sun, Jul 25, 2004 at 06:48:32PM +0200, Marc Haber wrote:
> On Sat, 24 Jul 2004 13:13:00 -0400, Stephen Frost <sfrost@snowman.net>
> wrote:
> Please look in the numerous bug reports against exim4 complaining
> about the Debian-exim user name. This is a Q A so fscking F that there
> is a boilerplate reply.
Have you ever considered that the users, other developers and general
consensus might *shock* *horror* be right?
Simon.
--
oOoOo "And what do we burn apart from witches?" "*More* oOoOo
oOoOo witches!" oOoOo
oOoOo oOoOo
--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
| |
| Andrew Suffield 2004-07-28, 6:23 pm |
| On Sun, Jul 25, 2004 at 07:59:48PM +0100, Simon Huggins wrote:
> On Sun, Jul 25, 2004 at 06:48:32PM +0200, Marc Haber wrote:
>
> Have you ever considered that the users, other developers and general
> consensus might *shock* *horror* be right?
Find a better alternative. One which actually sucks less, rather than
differently.
--
.''`. ** Debian GNU/Linux ** | Andrew Suffield
: :' : http://www.debian.org/ |
`. `' |
`- -><- |
| |
| Petter Reinholdtsen 2004-07-28, 6:23 pm |
| [Andrew Suffield]
> Find a better alternative. One which actually sucks less, rather than
> differently.
I'll have a look at postfix.
--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
| |
| Steve McIntyre 2004-07-28, 6:23 pm |
| Simon Huggins writes:
>On Sun, Jul 25, 2004 at 06:48:32PM +0200, Marc Haber wrote:
>
>Have you ever considered that the users, other developers and general
>consensus might *shock* *horror* be right?
Hopefully it won't take too long for somebody more responsive to
users' wishes to package up exim4...
--
Steve McIntyre, Cambridge, UK. steve@einval.com
Is there anybody out there?
--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
| |
| Miles Bader 2004-07-28, 6:23 pm |
| Wouter Verhelst <wouter@grep.be> writes:
> IMHO, anyone using a user name of "exim" while installing the "exim"
> package and still expecting things to work is as silly as someone
> creating a user name of "root" along the "normal" root user name and
> still expecting things to work correctly.
Huh?
Why should anyone assume there's a connection between packages installed
and usernames used? Indeed, if more than few packages did this, it
would utterly unworkable, because package names are often very short and
quite likely to intersect with usernames.
Morever, usernames are often not picked by the person doing the
installing (e.g., consider a multi-user system), and may actually
pre-date use of debian (or the debian system may be only one machine in
an environment with global usernames).
If the length is the problem, why not just "deb-exim" or something?
That seems much less likely to conflict.
-Miles
--=20
=BC=AB=A4=E9=A4=F2=B6=F5=A4=CB=A4=B7=A4=
C6=A1=A2=BF=B4=A4=F2=B3=AB=A4=AF=BB=
=FE=A1=A2=C6=BB=A4=CF=B3=AB=A4=AB=A4=EC=
A4=EB
| |
| Russ Allbery 2004-07-28, 6:23 pm |
| Miles Bader <miles@lsi.nec.co.jp> writes:
> If the length is the problem, why not just "deb-exim" or something?
> That seems much less likely to conflict.
Anything with a non-alphanumeric character in it is an improvement over
something without that. Anything with a rarely used character is an even
better improvement (underscore, perhaps). Personally, I prefer capital
letters, but I know that drives other people nuts.
Bear in mind that there are people like me who are trying to deploy Debian
as the operating system for public login clusters, where we have no way of
retroactively deciding that some username isn't okay because it conflicts
with a system user. The standard stuff (sys, bin, etc.) has been reserved
long-back, but we certainly haven't reserved every name that matches a
Debian package name.
--
Russ Allbery (rra@stanford.edu) <http://www.eyrie.org/~eagle/>
--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
| |
| Marc Haber 2004-07-28, 6:23 pm |
| On Sun, 25 Jul 2004 23:06:40 +0100, Steve McIntyre <steve@einval.com>
wrote:
>Simon Huggins writes:
>
>Hopefully it won't take too long for somebody more responsive to
>users' wishes to package up exim4...
So you want to take over the package? Look at its changelog first.
As for the account name: The Debian exim4 maintainers would appreciate
a way to build Debian package account names in a non-polluting way
which doesn't suck. But, however, there are so many ways to choose the
account name (which either pollute or suck), that this way needs to be
laid down in Policy.
Oh, yeah, btw, the exim4 packages have the account name coded in a way
that makes it quite easy to be changed in a local build.
The only thing that we are uncooperative about is that the name
"Debian-exim" will only change _once_ more after policy has been
established about how account names are chosen. That update will be a
major PITA though.
All this is established knowledge with all people who think that
Debian-exim sucks. As nobody cared to take that policy step (except
me, but nobody seemed to be interested as well), I guess that
Debian-exim doesn't suck _that_ badly. If it did, somebody would have
shown more interest in establishing account naming policy.
Greetings
Marc
--=20
-------------------------------------- !! No courtesy copies, please !! =
-----
Marc Haber | " Questions are the | Mailadresse im =
Header
Karlsruhe, Germany | Beginning of Wisdom " | Fon: *49 721 966 32=
15
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fax: *49 721 966 31=
29
| |
| Stephen Frost 2004-07-28, 6:23 pm |
| * Miles Bader (miles@lsi.nec.co.jp) wrote:
> Why should anyone assume there's a connection between packages installed
> and usernames used? Indeed, if more than few packages did this, it
> would utterly unworkable, because package names are often very short and
> quite likely to intersect with usernames.
Well, gee, how about because, in general, the username is the same as
the package name, and it makes it nice and clear what username is
associated w/ what package? Looking at one of my systems I see:
daemon, bin, sys, sync, games, man, lp, mail, news, uucp, proxy,
majordom, postgres, www-data, backup, msql, operator, list, irc, gnats,
mysql, sshd, identd, smmsp
I'm very happy to note that *none* of them are 'deb-<blah>' or
'Debian-<blah>', and you know what? I've never had any problems w/
namespace pollution. Have any of our users actually filed bugs about
problems because of these names?
> Morever, usernames are often not picked by the person doing the
> installing (e.g., consider a multi-user system), and may actually
> pre-date use of debian (or the debian system may be only one machine in
> an environment with global usernames).
>
> If the length is the problem, why not just "deb-exim" or something?
> That seems much less likely to conflict.
It seems to me that a problem is being invented so that it can be
'fixed'. The problem doesn't exist and 'fixing' it just makes things
ugly for no reason.
Stephen
| |
| Stephen Frost 2004-07-28, 6:23 pm |
| * Russ Allbery (rra@stanford.edu) wrote:
> Bear in mind that there are people like me who are trying to deploy Debian
> as the operating system for public login clusters, where we have no way of
> retroactively deciding that some username isn't okay because it conflicts
> with a system user. The standard stuff (sys, bin, etc.) has been reserved
> long-back, but we certainly haven't reserved every name that matches a
> Debian package name.
Uh, no where *near* every Debian package needs it's own username. There
are a few here and there which do outside of the 'standard' stuff
(mysql, sshd, identd, postgres, smmsp) but not all that many really.
Have you actually run into a problem with these names to date? I
appriciate your concern but the only package I know of to do this
nastiness is exim, it would seem likely to me that if this was really a
common occurance that there'd be examples and bug reports about it.
Stephen
| |
| Stephen Frost 2004-07-28, 6:23 pm |
| * Marc Haber (mh+debian-devel@zugschlus.de) wrote:
> On Sat, 24 Jul 2004 13:13:00 -0400, Stephen Frost <sfrost@snowman.net>
> wrote:
>
> Please look in the numerous bug reports against exim4 complaining
> about the Debian-exim user name. This is a Q A so fscking F that there
> is a boilerplate reply.
Maybe that's a hint...
Stephen
| |
| Stephen Frost 2004-07-28, 6:23 pm |
| * Marc Haber (mh+debian-devel@zugschlus.de) wrote:
> All this is established knowledge with all people who think that
> Debian-exim sucks. As nobody cared to take that policy step (except
> me, but nobody seemed to be interested as well), I guess that
> Debian-exim doesn't suck _that_ badly. If it did, somebody would have
> shown more interest in establishing account naming policy.
Uh, or maybe people *realize* we *don't* need an account naming policy,
or rather that the status-quo for them is reasonable and works just
fine? You're inventing a problem here and pissing off a bunch of users,
developers, etc by trying to 'fix' it. By playing this policy game
you're pretty much saying "force us, because we won't fix it on our
own". Perhaps the best approach would be to just refer this to the tech
ctte. Maybe they'd actually take into consideration the desires of our
users and other developers.
Stephen
| |
| Hamish Moffatt 2004-07-28, 6:23 pm |
| On Mon, Jul 26, 2004 at 09:06:37AM -0400, Stephen Frost wrote:
> * Miles Bader (miles@lsi.nec.co.jp) wrote:
>
> It seems to me that a problem is being invented so that it can be
> 'fixed'. The problem doesn't exist and 'fixing' it just makes things
> ugly for no reason.
I think that's a good argument not to change it again. The only argument
I've seen against "Debian-exim" is that it's "ugly".
The BTS includes such gems as #225031,
"Exim run as user "Debian-exim". I don't like this choise,"
and #255493,
"I prefer, if you only call him "exim" ... more readable for me."
and a follow-up to #223831,
"Please use the user/groupname 'exim' instead of the terrificly long
'Debian-exim'." with no rationale, from someone who didn't even include
their real name.
The only reasonable argument (IMHO) is in #223831, which suggests
changing it to all lowercase (debian-exim). That would lower the
surprise. Anything else is just individual choice, IMHO.
Hamish
--
Hamish Moffatt VK3SB <hamish@debian.org> <hamish@cloud.net.au>
--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
| |
| Stephen Frost 2004-07-28, 6:23 pm |
| * Hamish Moffatt (hamish@debian.org) wrote:
> On Mon, Jul 26, 2004 at 09:06:37AM -0400, Stephen Frost wrote:
>
> I think that's a good argument not to change it again. The only argument
> I've seen against "Debian-exim" is that it's "ugly".
And causes problems for scripts people run, general expectations, and
the fact that pretty much everyone but the exim maintainers would prefer
'exim', which would be in-line with every other package that uses a
username in Debian, near as I can tell.
Sorry, the argument doesn't go both ways- there *are* problems w/
a username of 'Debian-exim', the many bugs you see filed about it bear
this out. Are there bugs filed the other way? Do you have some
justification for beliveing their would be?
Stephen
| |
| Russ Allbery 2004-07-28, 6:23 pm |
| Stephen Frost <sfrost@snowman.net> writes:
> * Russ Allbery (rra@stanford.edu) wrote:
[vbcol=seagreen]
> Uh, no where *near* every Debian package needs it's own username. There
> are a few here and there which do outside of the 'standard' stuff
> (mysql, sshd, identd, postgres, smmsp) but not all that many really.
That was in response to an earlier poster's comment wondering why anyone
would expect installing exim to work if there was a user account named
exim. It's hard to know in advance which packages will create users; I've
been surprised a few times.
> Have you actually run into a problem with these names to date? I
> appriciate your concern but the only package I know of to do this
> nastiness is exim, it would seem likely to me that if this was really a
> common occurance that there'd be examples and bug reports about it.
It's not that it's a common occurance, since most program names don't
happen to match people names. It's that when it *does* happen, there
aren't a lot of good ways of dealing with it, and sooner or later it will
happen.
--
Russ Allbery (rra@stanford.edu) <http://www.eyrie.org/~eagle/>
--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
| |
| Marc Haber 2004-07-28, 6:23 pm |
| On Mon, 26 Jul 2004 09:10:23 -0400, Stephen Frost <sfrost@snowman.net>
wrote:
>Uh, no where *near* every Debian package needs it's own username.
However, current best practice includes separating daemons. I'd expect
almost every daemon package to need its own user in the near future.
The examples that immediately come to my mind are console-log and
ippl.
Greetings
Marc
--=20
-------------------------------------- !! No courtesy copies, please !! =
-----
Marc Haber | " Questions are the | Mailadresse im =
Header
Karlsruhe, Germany | Beginning of Wisdom " | Fon: *49 721 966 32=
15
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fax: *49 721 966 31=
29
| |
| Marc Haber 2004-07-28, 6:23 pm |
| On Tue, 27 Jul 2004 00:32:28 +1000, Hamish Moffatt <hamish@debian.org>
wrote:
>The only reasonable argument (IMHO) is in #223831, which suggests
>changing it to all lowercase (debian-exim).
Using upper case marker characters in usernames is common practice in
the BSD world. We adopted this practice for Debian-exim.
Greetings
Marc
--=20
-------------------------------------- !! No courtesy copies, please !! =
-----
Marc Haber | " Questions are the | Mailadresse im =
Header
Karlsruhe, Germany | Beginning of Wisdom " | Fon: *49 721 966 32=
15
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fax: *49 721 966 31=
29
| |
| Clint Adams 2004-07-28, 6:23 pm |
| > Why should anyone assume there's a connection between packages installed
> and usernames used? Indeed, if more than few packages did this, it
> would utterly unworkable, because package names are often very short and
> quite likely to intersect with usernames.
More than a few packages already do this.
--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
| |
| Marc Haber 2004-07-28, 6:23 pm |
| On Mon, 26 Jul 2004 11:51:40 -0400, Stephen Frost <sfrost@snowman.net>
wrote:
>Sorry, the argument doesn't go both ways- there *are* problems w/
>a username of 'Debian-exim', the many bugs you see filed about it bear
>this out.
Please, give me one bug number that shows a real problem caused by
Debian-exim. The standard arguments are ps and ls, the ls issue being=20
solved in the current ls.
|[3/503]mh@lefler:~$ sudo ls -al /var/spool/exim4/
|total 20
|drwxr-x--- 5 Debian-exim Debian-exim 4096 May 22 14:39 .
|drwxr-xr-x 7 root root 4096 Jun 27 10:09 ..
|drwxr-x--- 2 Debian-exim Debian-exim 4096 May 22 15:45 db
|drwxr-x--- 2 Debian-exim Debian-exim 4096 Jul 26 20:58 input
|drwxr-x--- 2 Debian-exim Debian-exim 4096 Jul 26 20:58 msglog
|[4/503]mh@lefler:~$=20
Btw, please show the relevant standard that forbids long user names
with - and capitals.
Greetings
Marc
--=20
-------------------------------------- !! No courtesy copies, please !! =
-----
Marc Haber | " Questions are the | Mailadresse im =
Header
Karlsruhe, Germany | Beginning of Wisdom " | Fon: *49 721 966 32=
15
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fax: *49 721 966 31=
29
| |
| Marc Haber 2004-07-28, 6:23 pm |
| On Mon, 26 Jul 2004 09:15:30 -0400, Stephen Frost <sfrost@snowman.net>
wrote:
>Perhaps the best approach would be to just refer this to the tech
>ctte. Maybe they'd actually take into consideration the desires of our
>users and other developers.
Please, by all means, go ahead.
Sarge will, however, release with Debian-exim since exim4 is a base
package and will freeze next sunday.
Obviously, Debian-exim doesn't suck so badly that somebody else
summoned the ctte earlier.
Greetings
Marc
--=20
-------------------------------------- !! No courtesy copies, please !! =
-----
Marc Haber | " Questions are the | Mailadresse im =
Header
Karlsruhe, Germany | Beginning of Wisdom " | Fon: *49 721 966 32=
15
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fax: *49 721 966 31=
29
| |
| Thomas Viehmann 2004-07-28, 6:23 pm |
| Steve McIntyre wrote:
[vbcol=seagreen]
> Hopefully it won't take too long for somebody more responsive to
> users' wishes to package up exim4...
At this point the lack of style of the discussion far outweighs any
lack of beauty that the user name might display.
Hopefully it won't take too long until all packages in Debian have
maintainers that work hard enough to make the most prominent complaint
as silly and unfounded as the one at issue here.
In the amd64 flamewar there is at least something at stake.
Kind regards
Thomas
--
Thomas Viehmann, <http://thomas.viehmann.net/>
| |
| Hamish Moffatt 2004-07-28, 6:23 pm |
| On Mon, Jul 26, 2004 at 11:51:40AM -0400, Stephen Frost wrote:
> * Hamish Moffatt (hamish@debian.org) wrote:
>
> And causes problems for scripts people run, general expectations, and
> the fact that pretty much everyone but the exim maintainers would prefer
> 'exim', which would be in-line with every other package that uses a
> username in Debian, near as I can tell.
>
> Sorry, the argument doesn't go both ways- there *are* problems w/
> a username of 'Debian-exim', the many bugs you see filed about it bear
> this out. Are there bugs filed the other way? Do you have some
> justification for beliveing their would be?
No; we don't usually file bug reports to say that everything is OK!
As Marc has said, the chief technical complaints are ls (fixed) and ps.
Where are the bugs with the other technical complaints?
Also, how often do you have to interact with the Debian-exim user
anyway? I don't remember ever having to do a 'chown exim ...' so I don't
know why I would start now.
Hamish
--
Hamish Moffatt VK3SB <hamish@debian.org> <hamish@cloud.net.au>
--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
| |
| Miles Bader 2004-07-28, 6:23 pm |
| On Mon, Jul 26, 2004 at 09:06:37AM -0400, Stephen Frost wrote:
>
> Well, gee, how about because, in general, the username is the same as
> the package name, and it makes it nice and clear what username is
> associated w/ what package? Looking at one of my systems I see:
> daemon, bin, sys, sync, games, man, lp, mail, news, uucp, proxy,
> majordom, postgres, www-data, backup, msql, operator, list, irc, gnats,
> mysql, sshd, identd, smmsp
I guess in some cases such user names are historically so entrenched that
they must be retained, but I think a policy that helps to avoid future
conflicts would be a good thing.
Anyway, names like "deb-foo" or "_foo" are also pretty easy to associate
with package name "foo".
Actually I think alternative names could be even _clearer_ than the
current-style unadorned names -- e.g., seeing a username like "sys-foo" or
"pkg-foo" immediately gives you a hint that there's something special about
this username.
> I'm very happy to note that *none* of them are 'deb-<blah>' or
> 'Debian-<blah>', and you know what? I've never had any problems w/
> namespace pollution. Have any of our users actually filed bugs about
> problems because of these names?
Are you serious? Of course most home users don't have too many problems
because they've only got a few usernames themselves. The problem (as was
mentioned) is large installations that have a huge base of existing usernames
which must be shared between disparate system types, and who can't easily
change real usernames.
> It seems to me that a problem is being invented so that it can be
> 'fixed'. The problem doesn't exist and 'fixing' it just makes things
> ugly for no reason.
No, there's certainly a problem. The _extent_ of the problem is certainly
open to discussion, and it's certainly possible that debian could decide that
pretty system user names are very important, and "what the hell, screw those
large institutional users".
-Miles
--
Fast, small, soon; pick any 2.
--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
| |
| Jiri Klouda 2004-07-28, 6:23 pm |
| Hi Marc,
thank you for fixing the ls or seeing to it and I hope the ps
and other utilities (top too I think) will follow suit,
although for me it was much easier to get rid of that one
over 8 chars long user/group name. On the other hands its
good that such shortcomming in out basic utilities was
revealed and fixed.
What I don't understand, as you say, if its just important
for the large installations, why it cannot be them to change
the user/group name, instead many users that don't have the
problem are forced to change it to something sensible.
Also, I'd like to ask if when I do my change from Debian-exim
to exim, if that will be honored (per debian policy) on the
package upgrade.
And last, I'd like to ask again, if it was too much hassle
to actually put that as an option in the pre install script.
Although I recognize the name is compiled in the package,
maybe the large installs could get a source package?
I am sorry to bring that issue, I know you work hard to get
that package working and I am glad I don't have any other
complaints 
Thank you,
-Jiri
On Mon 26-07-04 22:50:07, Marc Haber wrote:
> On Mon, 26 Jul 2004 11:51:40 -0400, Stephen Frost <sfrost@snowman.net>
> wrote:
>
> Please, give me one bug number that shows a real problem caused by
> Debian-exim. The standard arguments are ps and ls, the ls issue being
> solved in the current ls.
>
> |[3/503]mh@lefler:~$ sudo ls -al /var/spool/exim4/
> |total 20
> |drwxr-x--- 5 Debian-exim Debian-exim 4096 May 22 14:39 .
> |drwxr-xr-x 7 root root 4096 Jun 27 10:09 ..
> |drwxr-x--- 2 Debian-exim Debian-exim 4096 May 22 15:45 db
> |drwxr-x--- 2 Debian-exim Debian-exim 4096 Jul 26 20:58 input
> |drwxr-x--- 2 Debian-exim Debian-exim 4096 Jul 26 20:58 msglog
> |[4/503]mh@lefler:~$
>
> Btw, please show the relevant standard that forbids long user names
> with - and capitals.
>
> Greetings
> Marc
>
> --
> -------------------------------------- !! No courtesy copies, please !! -----
> Marc Haber | " Questions are the | Mailadresse im Header
> Karlsruhe, Germany | Beginning of Wisdom " | Fon: *49 721 966 3215
> Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fax: *49 721 966 3129
>
--
Jiri Klouda <jk@zg.cz>
http://www.zg.cz/~jk
| |
| Miles Bader 2004-07-28, 6:23 pm |
| Jiri Klouda <jk@zg.cz> writes:
> What I don't understand, as you say, if its just important
> for the large installations, why it cannot be them to change
> the user/group name, instead many users that don't have the
> problem are forced to change it to something sensible.
Why are "many users" "forced to change it to something sensible"?
Because they think it's ugly?
That's, um, not very compelling, especially when compared to the much
more serious nature of the problem on the other side (user-name conflict).
-Miles
--
Run away! Run away!
--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
| |
| Greg Folkert 2004-07-28, 6:23 pm |
| On Tue, 2004-07-27 at 03:37, Miles Bader wrote:
> Jiri Klouda <jk@zg.cz> writes:
>
> Why are "many users" "forced to change it to something sensible"?
> Because they think it's ugly?
>
> That's, um, not very compelling, especially when compared to the much
> more serious nature of the problem on the other side (user-name conflict)..
Not to mention, the username is compiled into the binary. At least the
last time I compiled Exim4 by hand.
--
greg, greg@gregfolkert.net
The technology that is
Stronger, better, faster: Linux
| |
| Stephen Frost 2004-07-28, 6:23 pm |
| * Hamish Moffatt (hamish@debian.org) wrote:
> On Mon, Jul 26, 2004 at 11:51:40AM -0400, Stephen Frost wrote:
>
> No; we don't usually file bug reports to say that everything is OK!
Do you have some justification for believing there would be bugs filed
about the 'exim' username being used instead of 'Debian-exim'? What?
> As Marc has said, the chief technical complaints are ls (fixed) and ps.
> Where are the bugs with the other technical complaints?
The fact that ls and ps had to be fixed should have given you a hint.
It wouldn't suprise me in the least if there are other packages which
end up having problems if they do anything with usernames. Sure, you
can say "well, fix them!" but the point is- why break them? Because
you're worried you *might* have a namespace problem. This doesn't even
get into the issue that many people out there have their own scripts
which they wrote to do whatever that break because of this crappy name.
> Also, how often do you have to interact with the Debian-exim user
> anyway? I don't remember ever having to do a 'chown exim ...' so I don't
> know why I would start now.
Every damn time I run ps on a machine running it. And, sorry, even once
ps is 'fixed' I'm still going to see 'Debian-exim'; as if I somehow
didn't know I was on a Debian machine. This is getting *really* old, it
was a bad idea, it's *still* a bad idea, that's not going to change.
You're going to continue to get bugreports filed about it, you're going
to continue to break things with it and you're going to continue to go
against the Debian status-quo (which is, traditionally, what defines our
policy).
Stephen
| |
| Stephen Frost 2004-07-28, 6:23 pm |
| * Miles Bader (miles@gnu.org) wrote:
> I guess in some cases such user names are historically so entrenched that
> they must be retained, but I think a policy that helps to avoid future
> conflicts would be a good thing.
Policy is (generally) based on current practice- not as a way to force
people to change. The current practice, by far, is to use reasonable
names, generally associated w/ the package or application name and/or
whatever is encouraged by upstream (who often have an idea what they
think it should be). The reason for policy is because some people fail
to understand why the current practice makes sense/is good.
>
> Are you serious? Of course most home users don't have too many problems
> because they've only got a few usernames themselves. The problem (as was
> mentioned) is large installations that have a huge base of existing usernames
> which must be shared between disparate system types, and who can't easily
> change real usernames.
Have any of our users (who, hey, guess what, include people w/ large
installations) actually filed bugs about problems because of these
names?
>
> No, there's certainly a problem. The _extent_ of the problem is certainly
> open to discussion, and it's certainly possible that debian could decide that
> pretty system user names are very important, and "what the hell, screw those
> large institutional users".
If it's a problem then why is it that the *ONLY* package that does this
crap is exim? If other package maintainers have gotten complaints from
people about the usernames they use then please speak up, point out bug
reports, etc. So far I havn't seen *any*.
Stephen
| |
| Stephen Frost 2004-07-28, 6:23 pm |
| * Marc Haber (mh+debian-devel@zugschlus.de) wrote:
> Obviously, Debian-exim doesn't suck so badly that somebody else
> summoned the ctte earlier.
Foolish hope that the exim folks would see the light, I imagine.
Stephen
| |
| Marc Haber 2004-07-28, 6:23 pm |
| On Tue, 27 Jul 2004 08:24:22 +1000, Hamish Moffatt <hamish@debian.org>
wrote:
>Also, how often do you have to interact with the Debian-exim user
>anyway? I don't remember ever having to do a 'chown exim ...' so I don't
>know why I would start now.
Debian-exim is frequently seen in process lists, some of these
instances truncated. These complaints are valid, but IMO bugs in the
other software.
Greetings
Marc
--=20
-------------------------------------- !! No courtesy copies, please !! =
-----
Marc Haber | " Questions are the | Mailadresse im =
Header
Karlsruhe, Germany | Beginning of Wisdom " | Fon: *49 721 966 32=
15
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fax: *49 721 966 31=
29
| |
| Marc Haber 2004-07-28, 6:23 pm |
| On Tue, 27 Jul 2004 00:15:21 -0700, Jiri Klouda <jk@zg.cz> wrote:
>thank you for fixing the ls or seeing to it
That's not my deed.
>Also, I'd like to ask if when I do my change from Debian-exim
>to exim, if that will be honored (per debian policy) on the
>package upgrade.=20
Probably not. The maintainer scripts are not dpkg-conffiles. If you do
that, you're completely on your own.
Greetings
Marc
--=20
-------------------------------------- !! No courtesy copies, please !! =
-----
Marc Haber | " Questions are the | Mailadresse im =
Header
Karlsruhe, Germany | Beginning of Wisdom " | Fon: *49 721 966 32=
15
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fax: *49 721 966 31=
29
| |
| Toni Mueller 2004-08-11, 5:57 pm |
|
On Sun, 25.07.2004 at 21:33:31 -0700, Russ Allbery <rra@stanford.edu> wrote:
> Anything with a non-alphanumeric character in it is an improvement over
> something without that. Anything with a rarely used character is an even
> better improvement (underscore, perhaps).
Users like "Debian-exim4" are most commonly required for daemons. Why
not make them, eg. _exim4?
That should not conflict much with actual usage, and it takes up only
one character out of eight, instead of seven.
> Personally, I prefer capital letters, but I know that drives other people nuts.
Me, for instance ;)
> long-back, but we certainly haven't reserved every name that matches a
> Debian package name.
Yes... if you could tell more about that underscore usage (except that
this convention is being used in OpenBSD for such system users), I'm
very interested to hear.
Best,
--Toni++
--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
|
|
|
|
|