Consider dropping sendmail as a required core component
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
lsb |
In Progress
|
Medium
|
Unassigned | ||
Mandriva |
In Progress
|
Medium
|
Bug Description
Hello,
Unixish systems have had a long history of having /usr/bin/sendmail available,
which is probably why its existence is mandated in the LSB.
However, that requirement is really hard and not sensible to implement those
days. Right now it means that whenever you install the "lsb" package on LSB
conformant distributions, it pulls in a MTA, which is not something which is
ever required if all you do is to install a printer driver from
openprinting.org or an LSB-packaged Google earth, or whatever.
With today's spam filtering, running MTAs on random desktops simply does not
work any more, at least not in the "classical" sense. So you have to set it up
as a relaying MTA to your mail provider, but first that's heavily user
unfriendly (because a lot of people don't know what all that means, are using
web clients, or using MUAs which do the SMTPing themselves), and second it
opens up a network port for an otherwise unused service, thus introducing a
security attack vector.
Of course the current LSB does not actually explicitly say that
/usr/bin/sendmail must actually be capable of sending mail to the outside
world. That means that distros can (and do) configure e. g. postfix or exim to
default to local delivery only, or shipping a minimal stub which just errors
out or just does local delivery. However, that makes it more complicated than
necessary to actually set up a real MTA. It also only fulfills the LSB to the
letter, but not to the spirit.
A crippled MTA is *much* worse than no MTA at all. In the former case,
applications who see sendmail will just send mail into oblivion (few, if any,
desktop users actually read /var/spool/mail), whereas in the latter case,
applications see that an MTA isn't available and use a more appropriate means
of communication.
Especially on desktop systems, applications shouln't expect to have local email
delivery available, and most don't. Distro packages which do have to depend on
an MTA anyway, and LSB packages should just check if /usr/bin/sendmail is
available instead of blindly assuming that they can send mail to anywhere
without any configuration and no error handling.
So in summary, the LSB should continue to define the behaviour or
/usr/bin/sendmail, but not mandate that it is available on all systems
(especially not on desktops).
Changed in mandriva: | |
importance: | Unknown → Medium |
status: | Unknown → In Progress |
tags: | added: zdecide |