[Popcon-developers] Bug#264593: popularity-contest: it should be possible to configure user which invokes sendmail

Bill Allombert Bill Allombert <allomber@math.u-bordeaux.fr>, 264593@bugs.debian.org
Tue, 10 Aug 2004 13:50:27 +0200 

On Tue, Aug 10, 2004 at 09:48:56AM +0200, Martin Dickopp wrote:
> Except for popcon, I have never encountered a situation (either in
> GNU/Linux or in traditional Unix variants) where it was necessary to
> allow "root" to send mail to the outside world.  The "root" account
> should only be used for system administration, which doesn't include
> sending mails (except locally to the admin).

> That said, I don't really want to convince you.  But I hope that, even
> you think such a configuration is completely unreasonable, you realize
> that there might be others user who agree with my position.  Therefore,
> my hope is that you accept the patch which strictly reduces the amount
> of enforced policy.  I think that in the light of Social Contract #4,
> you should not reject a patch solely because it gives users more freedom
> to set local policies, including policies you disagree with.

My position is that your patch does not achieve anything that cannot
be achieved already, given it only touch configuration files that are
meant to be modified by the user, so your patch does not 
"strictly reduces the amount of enforced policy" (whatever that means),
it just make things to work a different way. If you really think this way
is better, you have to argue it.

> My apologies if I have misunderstood you and you dislike the patch
> for other reasons.

Well, I suppose there are some misunderstandings from both part.

1) I would like to know what benefits there are to forbid root to send
   email to the outside world.

2) I would like to know whether a sizeable number of users are likely 
   to want to setup such a policy.

3) Without your patch, users that want to implement that policy need
   to change one line in the conffile /etc/cron.weekly/popcon. With that
   patch, those users need to change one line in the conffile
   /etc/popularity.conf. I don't see any real benefit here.

4) For full disclosure, we (popcon maintainers) discussed the issue
   before and we came to the conclusion that:

4.1) It was not possible to guess a non-root account suitable to send
     email to the outside world.

4.2) Adding yet another debconf template to ask the user to give a
     suitable account was not deemed a good idea.

4.3) We should keep things simple so people that need to change 
     /etc/cron.weekly/popcon can do it without too much hassle.

4.4) Alternatively we could add a popcon user and use it to send email,
     unfortunately we would have no way to ensure the mail system is properly
     configured for that user.

5) Invoking SC #4 on dubious ground is a sure way to escaladate issues.

Cheers,
Bill.