on Fri, 23 Sep 2011 05:37 in the Usenet newsgroup gmane.linux.mageia.devel Florian Hubold wrote:
> Am 22.09.2011 00:09, schrieb Luc Menut: >> Le 21/09/2011 20:35, Florian Hubold a écrit : >>> Hello, >>> >>> during validation of validation of msec/sectool update candidates, >>> a problem showed up: https://bugs.mageia.org/show_bug.cgi?id=1621 >> ... >>> >>> But if we want security reports to be sent to local users if they >>> specify so, how to proceed further? >>> >> >> msec can work very well without sending these reports by email; all the >> security's reports are available in /var/log/security, and msec notifies the >> user about this at each time it runs, so sendmail is absolutely not >> mandatory. >> So I think that msec shouldn't have a Requires on sendmail-command, >> eventually it can be a Suggest. >> >> But perhaps we could/should change the configuration of msec to not send >> email by default, by adding MAIL_WARN=no in /etc/security/msec/security.conf. >> >> > So, to summarize, there happen to be multiple solutions here: > > > 1. do NOT require an MTA, let users manually read reports from > /var/log/security > maybe even remove nail from msec Requires as it is currently > non-functional. > Also Luc's proposal cited above could be realized. 1a. Popup box (this sort of happens in KDE) or a "write" message to the tty that says, "go read the logs". > 2. do require sendmail-command, which will pose a problem to users > installing from the CLI, because they are presented with a choice: > > One of the following packages is required: > 1 dma > 2 ssmtp > 3 postfix > 4 sendmail > 5 msmtp > Please make a selection: > > Additionally this will force an MTA onto every default installation and > every > installation that currently has msec installed. > > 3. do require dma, which is a rather minimal MTA, and delivers without > configuration > Please see https://bugs.mageia.org/show_bug.cgi?id=2255#c36 for details. > This would also allow coexistence with an already-installed MTA, IIUC. > > 4. Try to fix nail, which is required by msec and so in every default > installation, > so that it is able to deliver mail by itself, without sendmail. Impossible question but would that involve much work? > Please give your votes. Anything that works is acceptable. If you want to get fancy, offer a choice that includes "none (will lose functionality)". Default to whatever MTA has already been selected, or dma if no previous selection has been made.
