diff options
Diffstat (limited to 'zarb-ml/mageia-dev/2011-September/008334.html')
| -rw-r--r-- | zarb-ml/mageia-dev/2011-September/008334.html | 187 |
1 files changed, 187 insertions, 0 deletions
diff --git a/zarb-ml/mageia-dev/2011-September/008334.html b/zarb-ml/mageia-dev/2011-September/008334.html new file mode 100644 index 000000000..c414edc16 --- /dev/null +++ b/zarb-ml/mageia-dev/2011-September/008334.html @@ -0,0 +1,187 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> +<HTML> + <HEAD> + <TITLE> [Mageia-dev] [RFC] msec (nail) can't send reports to local users accounts - require an MTA? + </TITLE> + <LINK REL="Index" HREF="index.html" > + <LINK REL="made" HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20%5BRFC%5D%20msec%20%28nail%29%20can%27t%20send%20reports%20to%20local%0A%20users%20accounts%20-%20require%20an%20MTA%3F&In-Reply-To=%3C4E7C47A2.4040507%40arcor.de%3E"> + <META NAME="robots" CONTENT="index,nofollow"> + <META http-equiv="Content-Type" content="text/html; charset=us-ascii"> + <LINK REL="Previous" HREF="008326.html"> + <LINK REL="Next" HREF="008337.html"> + </HEAD> + <BODY BGCOLOR="#ffffff"> + <H1>[Mageia-dev] [RFC] msec (nail) can't send reports to local users accounts - require an MTA?</H1> + <B>Florian Hubold</B> + <A HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20%5BRFC%5D%20msec%20%28nail%29%20can%27t%20send%20reports%20to%20local%0A%20users%20accounts%20-%20require%20an%20MTA%3F&In-Reply-To=%3C4E7C47A2.4040507%40arcor.de%3E" + TITLE="[Mageia-dev] [RFC] msec (nail) can't send reports to local users accounts - require an MTA?">doktor5000 at arcor.de + </A><BR> + <I>Fri Sep 23 10:47:30 CEST 2011</I> + <P><UL> + <LI>Previous message: <A HREF="008326.html">[Mageia-dev] [RFC] msec (nail) can't send reports to local users accounts - require an MTA? +</A></li> + <LI>Next message: <A HREF="008337.html">[Mageia-dev] [RFC] msec (nail) can't send reports to local users accounts - require an MTA? +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#8334">[ date ]</a> + <a href="thread.html#8334">[ thread ]</a> + <a href="subject.html#8334">[ subject ]</a> + <a href="author.html#8334">[ author ]</a> + </LI> + </UL> + <HR> +<!--beginarticle--> +<PRE>Am 22.09.2011 23:11, schrieb andre999: +><i> Florian Hubold a écrit : +</I>>><i> Am 22.09.2011 00:09, schrieb Luc Menut: +</I>>>><i> Le 21/09/2011 20:35, Florian Hubold a écrit : +</I>>>>><i> Hello, +</I>>>>><i> +</I>>>>><i> during validation of validation of msec/sectool update candidates, +</I>>>>><i> a problem showed up: <A HREF="https://bugs.mageia.org/show_bug.cgi?id=1621">https://bugs.mageia.org/show_bug.cgi?id=1621</A> +</I>>>><i> ... +</I>>>>><i> But if we want security reports to be sent to local users if they +</I>>>>><i> specify so, how to proceed further? +</I>>>><i> +</I>>>><i> msec can work very well without sending these reports by email; all +</I>>>><i> the security's reports are available in /var/log/security, and msec +</I>>>><i> notifies the user about this at each time it runs, so sendmail is +</I>>>><i> absolutely not mandatory. +</I>>>><i> So I think that msec shouldn't have a Requires on sendmail-command, +</I>>>><i> eventually it can be a Suggest. +</I>>>><i> +</I>>>><i> But perhaps we could/should change the configuration of msec to not +</I>>>><i> send email by default, by adding MAIL_WARN=no in +</I>>>><i> /etc/security/msec/security.conf. +</I>>>><i> +</I>>><i> So, to summarize, there happen to be multiple solutions here: +</I>>><i> +</I>>><i> 1. do NOT require an MTA, let users manually read reports from +</I>>><i> /var/log/security +</I>>><i> maybe even remove nail from msec Requires as it is currently +</I>>><i> non-functional. +</I>><i> +</I>><i> Reading from /var/log/security is not especially user-friendly, and will be +</I>><i> ignored by less savy users. +</I>Less savvy users might also not want to read security reports, also it would +mean they +can't interpret them properly or fix the cause of reported problems, no? +><i> +</I>>><i> Also Luc's proposal cited above could be realized. +</I>><i> +</I>><i> see below. +</I>><i> +</I>>><i> 2. do require sendmail-command, which will pose a problem to users +</I>>><i> installing from the CLI, because they are presented with a choice: +</I>>><i> +</I>>><i> One of the following packages is required: +</I>>><i> 1 dma +</I>>><i> 2 ssmtp +</I>>><i> 3 postfix +</I>>><i> 4 sendmail +</I>>><i> 5 msmtp +</I>>><i> Please make a selection: +</I>>><i> +</I>>><i> Additionally this will force an MTA onto every default installation and +</I>>><i> every +</I>>><i> installation that currently has msec installed. +</I>><i> +</I>><i> Solution 3 avoids the complication of choosing, with virtually no disadvantage. +</I>><i> +</I>>><i> 3. do require dma, which is a rather minimal MTA, and delivers without +</I>>><i> configuration +</I>>><i> Please see <A HREF="https://bugs.mageia.org/show_bug.cgi?id=2255#c36">https://bugs.mageia.org/show_bug.cgi?id=2255#c36</A> for details. +</I>>><i> This would also allow coexistence with an already-installed MTA, IIUC. +</I>><i> +</I>><i> (dragonfly mail agent) +</I>><i> If this works, I'd say that it is the best solution, since it is very compact +</I>><i> (64k), and virtually every system will have the DNS it requires installed. +</I>><i> (Unless of course they don't have Internet or network access. In which case +</I>><i> msec would not be particularly important.) +</I>><i> Note that it is only at version 0.2 (or 0.3 upstream), so we should test it +</I>><i> carefully. +</I>><i> +</I>>><i> 4. Try to fix nail, which is required by msec and so in every default +</I>>><i> installation, +</I>>><i> so that it is able to deliver mail by itself, without sendmail. +</I>><i> +</I>><i> Solution #3 seems much better in every respect. +</I>><i> +</I>>><i> Please give your votes. +</I>><i> +</I>><i> Solution 3, with changes/verifications noted below. +</I>><i> Since it is much simpler for the end-user to always have the capability to +</I>><i> send security alerts if an email address is entered, without installing +</I>><i> anything extra. +</I>><i> +</I>><i> There are 2 options at the bottom of the first security page of msec, which +</I>><i> should already realise Luc's proposals. They may have to be fixed. +</I>><i> +</I>><i> a) An option to send a security alert by email, where one enters the email +</I>><i> address. By default it is checked. +</I>><i> However, if no valid format email address is entered, an email should _not_ +</I>><i> be sent. +</I>><i> As well, we should display something similar to +</I>><i> "(Enter {userid}@localhost for a local user.)", +</I>><i> to help ensure that the user enters a valid local address. +</I>><i> (Note that there are multi-line descriptions for all the other options above +</I>><i> on the same page, so this would fit nicely.) +</I>><i> +</I>><i> b) An option to display security alerts on the desktop. Again, checked by +</I>><i> default. They should probably remain visible until the user dismisses them. +</I>><i> (They currently display for a few seconds, then disappear.) +</I>><i> +</I>><i> My 2 cents :) +</I>><i> +</I>Feel free to send patches for a) and b). +</PRE> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +<!--endarticle--> + <HR> + <P><UL> + <!--threads--> + <LI>Previous message: <A HREF="008326.html">[Mageia-dev] [RFC] msec (nail) can't send reports to local users accounts - require an MTA? +</A></li> + <LI>Next message: <A HREF="008337.html">[Mageia-dev] [RFC] msec (nail) can't send reports to local users accounts - require an MTA? +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#8334">[ date ]</a> + <a href="thread.html#8334">[ thread ]</a> + <a href="subject.html#8334">[ subject ]</a> + <a href="author.html#8334">[ author ]</a> + </LI> + </UL> + +<hr> +<a href="https://www.mageia.org/mailman/listinfo/mageia-dev">More information about the Mageia-dev +mailing list</a><br> +</body></html> |