We need a new subject- bug fixes
Les Mikesell
lesmikesell at gmail.com
Sun Mar 4 22:13:22 UTC 2007
Rahul Sundaram wrote:
>
>> OpenOffice is the particular thing I had in mind, but I suspect there
>> are others. I'm not talking about additional packages - this is in
>> reference to your comment about not deviating from upstream.
>
> Again probably licensing reasons.
Licensing as in it is illegal to redistribute the upstream version, or
licensing as in someone arbitrarily doesn't like or agree with the license?
> I made no absolute statements that no
> packages ever deviate. I said that Fedora packages generally avoid
> patches and I stand by that.
Hence my comment that it deviates when it suits their fancy to deviate.
>> I suppose if you break a program's intended functionality there's not
>> so much to maintain. That doesn't seem like a great thing to do,
>> though, especially without providing an easy/obvious way to undo it. In
>> any case it is hard to imagine any 'upstream' version of sendmail ever
>> delivered with that configuration
>
> Perhaps you need to actually check instead of speculating what upstream
> does. Sendmail is enabled by default but not configured to connect to
> external ports in order to deliver local mail for root user but avoid
> the additional security issues with connecting to external ports by
> default. If there is a security hole in sendmail and it connects to
> external ports by default, it is remotely exploitable. If it only connects
> to local host, then the security risk is lowered.
That would apply to all network services, yet none of the others are
handled this way.
> I don't see how this is
> breaking any functionality since this is a well documented configuration
> change for security reasons.
Documented as in 'man sendmail' where you expect to find documentation?
How can removing network access from a network mail transport not
break functionality?
> It is trivially easy to uncomment a line
> and configure sendmail to connect to external ports.
Yet no other network service requires this kind of change to bring the
RH/fedora distribution version back to normal operation as you'd expect
in the upstream version.
> What exactly are you suggesting?
That the distribution sendmail configuration is handled entirely
differently than all the other services that have distribution-specific
and fairly systematic ways to activate them. It's not only different
from upstream, it's different from every other fedora packaging
modification in not moving the distro-specific changes under
/etc/sysconfig and providing a config program to control it easily.
--
Les Mikesell
lesmikesell at gmail.com