On 22.09.2011 00:09, Luc Menut wrote:
On 21/09/2011 20:35, Florian Hubold wrote:
Hello,
during validation of msec/sectool update candidates,
a problem showed up: https://bugs.mageia.org/show_bug.cgi?id=1621
...
But if we want security reports to be sent to local users if they
specify so, how to proceed further?
msec can work very well without sending these reports by email; all the
security reports are available in /var/log/security, and msec notifies the
user about this each time it runs, so sendmail is absolutely not mandatory.
So I think that msec shouldn't have a Requires on sendmail-command,
eventually it can be a Suggest.
But perhaps we could/should change the configuration of msec to not send
email by default, by adding MAIL_WARN=no in /etc/security/msec/security.conf.
So, to summarize, there happen to be multiple solutions here:
1. do NOT require an MTA, let users manually read reports from /var/log/security
maybe even remove nail from msec Requires as it is currently non-functional.
Also Luc's proposal cited above could be realized.
2. do require sendmail-command, which will pose a problem to users
installing from the CLI, because they are presented with a choice:
One of the following packages is required:
1 dma
2 ssmtp
3 postfix
4 sendmail
5 msmtp
Please make a selection:
Additionally this will force an MTA onto every default installation and every
installation that currently has msec installed.
3. do require dma, which is a rather minimal MTA, and delivers without configuration
Please see https://bugs.mageia.org/show_bug.cgi?id=2255#c36 for details.
This would also allow coexistence with an already-installed MTA, IIUC.
4. Try to fix nail, which is required by msec and so in every default installation,
so that it is able to deliver mail by itself, without sendmail.
Please give your votes.