Subject: Re: Postfix
To: Thor Lancelot Simon <>
From: Pete Naylor <>
List: current-users
Date: 08/15/2000 12:34:44
Thor Lancelot Simon wrote...

> > (as you can
> > tell, I'm not of the opinion that more daemons equates to more security).
> Improved modularity of code generally leads to more security when it
> assists in isolating and minimizing security-critical sections. 

That's a nice theory.

> Postfix is a good example of that rule successfully applied.

Yes, the code is quite modular - and that's a good thing.  It's not as
though postfix hasn't had some problems though.  The same is true of the
sendmail source, the exim source and the qmail source (all modular to
varying degrees).  In the case of postfix, you also wind up with a bunch
of binaries, which is neither good nor bad in respect to the theoretical
consideration above. In practice though, it's ugly and more prone to have
one component fail and cause a mess that's difficult for someone unfamilar
with the software to diagnose.

> Unfortunately, many programs that people feel very passionate about
> (perhaps because they've beaten them into submission at some point
> early in their careers and feel nostalgic)

Or perhaps they just like the software because it does what they want it
to do in the manner that they prefer.  The software might also no longer
be "beta" or "experimental".  That doesn't seem to have occurred to you
and others with the holier-than-thou "you will like postfix, because I do,
and because I've misinterpretted some theory or other" attitude.

> are examples of particularly
> egregious *failure* to understand that rule. 

Personally, I think you've failed to understand the theory.  You've
twisted it to apply to postfix in order to justify pushing it upon people
who are happy with the existing tool.  In time, I suppose the postfix code
might be more modular than it is now, and if we're really *cough* lucky,
it'll build into twice as many binaries, allowing a message to be passed
between a growing number of separate components to increase message
routing latency, and of course, doubling the security of the MTA right?

> Sendmail and, amusingly,
> Ylonen SSH and its various offspring are among the "best" examples
> of that.

Don't use them.  Replace the distributed sendmail with an MTA of your
choosing, and install openssh if you wish.  I'll be very happy for you,
and I'll be even happier for me, because I'll still have the basic tools
that I'm comfortable with and which I can (and often do) replace with my
preferred tools.  Don't presume to know what others prefer, because you'll
come off looking like an ass, and you'll adversely affect the viability of
NetBSD in practical environments.

> Incidentally, one thing you're overlooking, perhaps because nobody
> communicated it very well,

Nobody communicated it at all.  In fact, after looking through the
archives, I can't find much discussion at all about the idea of replacing
the standard tool with an incomplete substitute.

> is that one key reason we originally sought
> to use Postfix in NetBSD was the decision by the Sendmail authors to
> place their code under a GPL-like license. 

So?  Should we throw away all the GPL tools we regularly depend on and
suffer with poor (or often non-existent) substitutes?  Got a theory you
can twist to fit that situation?

> Though not perfect, the
> license Postfix was distributed under at that time was quite a bit
> more helpful to those building binary-only (e.g. embedded -- and
> that's a big segment of our commercial users) products from NetBSD.
> We also anticipated that the Postfix license would change for the
> *better* (that is, become more BSD-like), not for the worse.

Umm - it seems that some people also anticipated that the software would
sometime be something more than "beta" or "experimental" quality too, and
that all users wouldn't mind having their familiar tools torn out.

> Unfortunately, that didn't happen. 

Never mind.  It's not too late to reverse this foolish idea and return to
distributing NetBSD with the tool that many people depend on and are quite
happy with, thereby avoiding the disappointment of all those people who
have an alternative preference that doesn't match yours.

> But personally I'm quite glad
> Postfix is in the distribution; probably at least as much as you
> are upset that Sendmail is no longer the only MTA we ship.

Good for you, and too bad for everybody else.  You needn't have told me
this, it was obvious that this whole postfix mistake resulted from the
selfish desires of a few fans, and nothing more.

Pete Naylor