On 8/28/2015 3:03 AM, Will Yardley wrote:
On Fri, Aug 28, 2015 at 01:37:18PM +0900, Stephen J. Turnbull wrote:
Mark writes:
> First, apologies if this has been discussed before. I run a number
> of mailman lists on a Centos 6 platform and mailman 2.1.12-25. This
> version was updated in July as follows:
> https://rhn.redhat.com/errata/RHSA-2015-1417.html and included
> fixes for a number of DMARC issues. Including "... With this
> update, domains with a "reject" DMARC policy are recognized
> correctly.."
Stock Mailman 2.1.12 doesn't do any DMARC detection. This is quite
bizarre that they would backport such a feature rather than update to
2.1.18-1 or later. Mailman 2.1 is hardly an unstable package.
That's the way most "stable" Linux distributions do it. I think it has a
lot to do with keeping the complex web of interdependencies in check,
but probably also has to do with keeping features predictable. Even with
security issues, generally, they go to quite a bit of work to backport
things, rather than change versions.
Not sure about 6, but the specific way they backported the changes for
the DMARC patch on EL5 had to do partially with dependencies... either
the fact that the normal version didn't depend on dnspython and this one
did, or the version of dnspython required wasn't available in EL5 (looks
like they actually ended up vendoring dnspython inside the Mailman
package).
Folks who want more up to date versions tend to either jump major
releases more often, use third party repos, rebuild RPMs from upstream,
or just build from source. We use the vendor provided Mailman package,
and for the most part, it works for us, though in cases like this, it is
problematic.
w
It appears to me that if someone were to back-port the DMARC changes
from 2.1.18 back to 2.1.12, then there is a possibility that there
will be problems with the back-port due to code changes between
.12 and .18. When I looked at the Ubuntu changes, I saw many
changes that were not documented, and I had no idea what they did.
Part of the problem in Ubuntu (or any other packager) who wants
to create a package for a newer Mailman is that all of these
patches, whether created to fix bugs or add features, have to be
re-fitted into the code. And that takes time. I am not sure
which process is more prone to introduce errors - re-fitting
patches into a newer Mailman or trying to re-fit DMARC patches
into on older Mailman.
This is why I determined, when I was running a Mailman installation
on Ubuntu, that I would create my own package from the SourceForge
source instead of installing the Ubuntu Mailman package. It took
me a while to figure out how to do it, but once I did it, I had
the instructions to re-do it for subsequent SF Mailman releases.
I wanted to know exactly what source I was running, so I could get
assistance from the authors via this list.
--Barry Finkel
--Barry Finkel
------------------------------------------------------
Mailman-Users mailing list [email protected]
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe:
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
