Comment 22 for bug 2023971

Hi Miha,

First of all, thanks for your work on this Miha.

You've summarized it very well and you're right that moving in a different direction than upstream always involves more delicate work in the future. Upstream's discussion is ongoing [1], and we don't know the decision they could make even if we (I) provide as fast as possible what they need to take it:

- specific tests
- data (that we have from this MIR study already)
- Extending the patch: completely switching even from libemail-simple-perl for general email handling.
- and as extra and beyond: making/checking it is compliant with latest RFC DMARC/DMARCbisfor, making our proposal more robust (although it is out-of-scope of the original PR) [1.1]

since for the moment they don't find a compelling reason to change the dependency [1.2] because:

- the security issue is solved [2] (as you rightly point out too)
- they are perfectly within their rights that our main/universe distinctions are not a priority for them.

Coming back to the Requires TODO for ACK in the MIR review of libemail-mime-perl [3], the #0 is that libemail-mime-perl passes the security review: Would that package be reviewed by security to see if we can go back to it? The security review (SEC-2671) was blocked and later rejected due to the switching to libmime-tools-perl.

I have no objection to reverting back to libemail-mime-perl if:
- The libemail-mime-perl security review (SEC-2671) passes with an ACK/OK.
- TODO #2 (duplicity) can be overcome.

Thank you in advance!

[1] https://github.com/msimerson/mail-dmarc/pull/217
[1.1] https://github.com/msimerson/mail-dmarc/pull/217#issuecomment-2010843067
[1.2] https://github.com/msimerson/mail-dmarc/pull/217#issuecomment-2010862484
[2] https://github.com/msimerson/mail-dmarc/issues/216#issuecomment-1945033737
[3] https://bugs.launchpad.net/ubuntu/+source/libemail-mime-perl/+bug/2030880/comments/1