Rahul Sundaram wrote:
OpenOffice is the particular thing I had in mind, but I suspect there
are others. I'm not talking about additional packages - this is in
reference to your comment about not deviating from upstream.
Again probably licensing reasons.
Licensing as in it is illegal to redistribute the upstream version, or
licensing as in someone arbitrarily doesn't like or agree with the license?
I made no absolute statements that no
packages ever deviate. I said that Fedora packages generally avoid
patches and I stand by that.
Hence my comment that it deviates when it suits their fancy to deviate.
I suppose if you break a program's intended functionality there's not
so much to maintain. That doesn't seem like a great thing to do,
though, especially without providing an easy/obvious way undo it. In
any case it is hard to imagine any 'upstream' version of sendmail ever
delivered with that configuration
Perhaps you send to actually check instead of speculating what upstream
does. Sendmail is enabled by default but not configured to connect to
external ports in order to deliver local mail for root user but avoid
the additional security issues with connecting to external ports by
default. If there is a security hole in sendmail and it connects to
external ports by default, it is remotely exploitable. If only connects
to local host, then the security risk is lowered.
That would apply to all network services, yet none of the others are
handled this way.
> I dont see how this is
breaking any functionality since this is a well documented configuration
change for security reasons.
Documented as in 'man sendmail' where you expect to find documentation?
How can removing network access from a network mail transport not
break functionality?
> It is trivially easy to uncomment a line
and configure sendmail to connect to external ports.
Yet no other network service requires this kind of change to bring the
RH/fedora distribution version back to normal operation as you'd expect
in the upstream version.
> What exactly are you suggesting?
That the distribution sendmail configuration is handled entirely
differently than all the other services that have distribution-specific
and fairly systematic ways to activate them. It's not only different
from upstream, it's different from every other fedora packaging
modification in not moving the distro-specific changes under
/etc/sysconfig and providing a config program to control it easily.
--
Les Mikesell
lesmikesell@xxxxxxxxx
