Shlomi Fish wrote:
That's not an anti qmail discussion. this is you saying you don't like qmail, and other people disagreeing with you.For other anti-qmail discussion see:
http://perl.org.il/pipermail/perl/2004-October/005989.html
http://discuss.joelonsoftware.com/default.asp?joel.3.72853.10
This is you linking to the the previous. Shlomi, this is called "Trolling".
Yesterday you talked to me about this. You said qmail had a security hole - it didn't. You said ezmlm-idx could not do subscription moderated lists. When asked which was more likely, that you missed the option, or that I misremember doing it, you just repeated the claim. Well, rules of argument state that when one states something is impossible, and another state that it is possible, the burden of proof is on the later. As the burden of proof is on me, I hereby give you the following passage from the man page for ezmlm-make from the ezmlm-idx package inside Debian Woody:
-s Subscription moderation. ezmlm-make enables subscription moderation by touching dir/modsub. This affects subscriptions
for both the main list and the digest list. See the -m option on how moderator addresses are stored and manipulated.
As for some of the other times my name was brought up on this thread:
C. people are used to it just being there. working the way it does.Well, I don't know postfix. The little I do know shows me that it's virtual domains support isn't nearly as good as qmail's, but this is not very relevant to us, as we are not heavy virtual domains users. Still, there is *NO* technical reason to replace it.
That would be me, Tzafrir and Shachar. I know qmail more than I do postfix,
If you do replace to postfix, I will probably not help with administrating it.
Omer said:
We do need a volunteer to maintain a clone of the server machine - withI have such a system, inside a vmware virtual machine, used for precisely this. That is how I maintain my servers.
exactly the same versions of build tools, Perl interpreter, libraries,
etc. The clone will be used for building any software needed for the real
server.
Shlomi again, said:
Ori Idan had told me about what Shachar did to beak. It's a system full of scripts, a chroot-jail and a Debian Woody-that isn't quite Debian. They'd like to re-install it. I'm not going there. Eskimo's configuration will remain pretty much standard.Quoting like that is both not fair AND mean. I cannot defend this configuration, as Ori is not here (hint, for the socially inept - this is a time for an apology).
Beak was set up with the knowledge of it keeping Hamakor's members personal details on it. It was hardened accordingly. It was pure Woody (the machine had about two non-woody packages on it, all told). It was set up with a minimal installation (which included no compiler, true), and with chroots. As a result, it was not friendly to the people logging in to it. Personally, I don't see it as a problem. I don't think that a production server should be a machine people would be encouraged to play around with. Other people disagree. That's their right.
The scripts Ori mentions are there to prevent the configuration from breaking, rather than to keep it running. When the way the board managed requests caused me to resign from the post sysadmin, I set down with the replacement they found (Nadav Mavor) and explained the setup. It may well be that Nadav found the setup hard to keep around, and wanted to change things. I cannot attest to what the current situation there is, as I don't know.
I can point you to one person who complained deeply about the setup, though. Ilya Konstantinov was one of the people who helped manage the mirrors on beak. If you want to read what he had to say about that, about a year later, check out http://mirror.hamakor.org.il/archives/linux-il/04-2005/14820.html.
Was beak over hardened? Maybe. One of the problems with security is that you never know when you are too secure, and you have to be lucky to know if you are not secure enough. As such, it's hard to get it right. Then again, it's a question whether people who are not those who will have to lose several hours of sleep, and drive 200Km in order to fix the security problem once it's exploited have earned the right to voice their opinion.
Shachar
-- Shachar Shemesh Lingnu Open Source Consulting ltd. Have you backed up today's work? http://www.lingnu.com/backup.html
