We need a new subject- bug fixes

Les Mikesell lesmikesell at gmail.com
Sun Mar 4 22:13:22 UTC 2007


Rahul Sundaram wrote:

> 
>> OpenOffice is the particular thing I had in mind, but I suspect there 
>> are others.  I'm not talking about additional packages - this is in 
>> reference to your comment about not deviating from upstream.
> 
> Again probably licensing reasons.

Licensing as in it is illegal to redistribute the upstream version, or 
licensing as in someone arbitrarily doesn't like or agree with the license?

> I made no absolute statements that no 
> packages ever deviate. I said that Fedora packages generally avoid 
> patches and I stand by that.

Hence my comment that it deviates when it suits their fancy to deviate.

>> I suppose if you break a program's intended functionality there's not 
>> so much to maintain.  That doesn't seem like a great thing to do, 
>> though, especially without providing an easy/obvious way to undo it.  In 
>> any case it is hard to imagine any 'upstream' version of sendmail ever 
>> delivered with that configuration
> 
> Perhaps you need to actually check instead of speculating what upstream 
> does. Sendmail is enabled by default but not configured to connect to 
> external ports in order to deliver local mail for root user but avoid 
> the additional security issues with connecting to external ports by 
> default. If there is a security hole in sendmail and it connects to 
> external ports by default, it is remotely exploitable. If it only connects 
> to local host, then the security risk is lowered.

That would apply to all network services, yet none of the others are 
handled this way.

> I don't see how this is
> breaking any functionality since this is a well documented configuration 
> change for security reasons.

Documented as in 'man sendmail' where you expect to find documentation? 
How can removing network access from a network mail transport not 
break functionality?

> It is trivially easy to uncomment a line
> and configure sendmail to connect to external ports.

Yet no other network service requires this kind of change to bring the 
RH/fedora distribution version back to normal operation as you'd expect 
in the upstream version.

> What exactly are you suggesting?

That the distribution sendmail configuration is handled entirely 
differently than all the other services that have distribution-specific 
and fairly systematic ways to activate them.  It's not only different 
from upstream, it's different from every other fedora packaging 
modification in not moving the distro-specific changes under 
/etc/sysconfig and providing a config program to control it easily.

-- 
   Les Mikesell
    lesmikesell at gmail.com




