Subject: Re: CVS commit: src/distrib/sets/lists
To: Hisashi T Fujinaka <>
From: Douglas Wade Needham <>
List: current-users
Date: 06/01/2006 13:16:29
	autolearn=ham version=3.1.0

Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Partially because of real life issues (an 84-yo father who fell a year
ago and is now literally on his death bed, along with work demands at
the startup for which I work), I have been able to neither follow
NetBSD as close as I desired, or to work on porting it to several PPC
CPCI cards I have along with some Zope related pkgsrc stuff.  But I
have been doing regular (every weeknight) builds of -current and
trying to use it both on my HP 9000/715 and a -i386 type machine.  So
what I am going to say might not have helped me in specific, but
probably would have saved a number of folks some grief.

First, let me say that for my main mail machines (a bastion host and a
mail hub), I am using a version of sendmail from pkgsrc on 3.0, and
have them configured with things like spamd, domain masquerading,
virtual hosts, majordomo, etc.  In those cases, there almost certainly
would have been an impact by this decision.  However, for those
machines where I am tracking -current and do not have packages
installed, these past couple of days have caused me grief.  I added in
a local build target similar to the one for x11 to the &
makefile, in which I install localized config files which route email
to my mail hub.  With the removal of the /usr/share/sendmail
structure, I had the additional fallout of my having the directory
structure and my files under it, but the definitions were no longer in
the base/mi list.  Easy fix, but...still a PITA which I would have
liked to have avoided.  Now...for my real input.

Quoting Daniel Carosone (
> On Wed, May 31, 2006 at 09:46:19PM -0700, Hisashi T Fujinaka wrote:
> > I am not in core. I can not read any of core's publications. Core is a
> > secret cabal, in this sense.
> No comment on this point.. :)
> > I used stock sendmail. I tried to convert my -current system to use
> > pkgsrc sendmail and there are pieces missing (like an rc.d script).
> These things will be resolved, as will several other items along the
> way.  We will also have more detailed announcements about the
> reasoning behind the change (summarising the thread from a few months
> ago) and advising users of the various migration paths, in due course.

I will not comment about core or security mailing lists beyond saying
that I can see the need for a communications channel where certain key
issues can be discussed without the whole world knowing about critical
security flaws, etc.  What I will say is that at this point, I
certainly cannot see any reason a discussion about the possible
removal of sendmail could not have been carried out on a list such as
this, just as other feature changes are often discussed.  I certainly
could find no sign of it in my mail archives, and I archive all
messages from mailing lists such as those for NetBSD.  Yes, it might
have been heated discussion, perhaps one of the more heated ones we
have had in recent times.  And yes, there may have been things that
some folks might have to keep under their hats and merely say
something like "there is a very extremely serious open security
issue".  But I think that besides letting folks know what was coming
up and letting them prepare (by doing things such as looking at docs
for the new MTA), it probably would have made any decision be done in
a more informed matter.  I say this last because regardless of how
informed a given subset of people may be when making a decision, there
is always someone out there in the larger set who has information
which the subset does not have.

Do I agree with the change in the default MTA/MDA?  I honestly cannot
say at this point.  I have been using sendmail since the earliest of
the early releases, back in the BSD 4.x days, if not before.  As a
result, I have sometimes resorted to direct hacks to the CF files over
the years, which I read just like I read a menu in a French
restaurant.  But I have also wondered about postfix and other
MTAs/MDAs, and as someone who not only runs several domains but also
does consulting, I know there is always more to learn.  And that
perhaps there are even better ways to do what I have always done.  So,
if you want my answer, ask me around the holidays, and I will give you
my better informed opinion.  I may find that it works better at
rejecting spam before it is even accepted at my sites, and may reduce
the number of rules I have for rejecting connections from places such
as a number of Chinese ISPs much simpler.

Now, I will also say, if the main or only reason for sendmail being
dropped was SA2006-010 (aka CERT VU#834865), then the reason was a
real big meadow muffin on a hot summer day.  The reason I say this is
that the last vulnerability I found prior to this was Sep 2003.  Now,
some may argue that postfix or some other MTA/MDA is more secure.  I
will point out that sendmail just happens to be the current
low-hanging fruit, and that there no doubt are similar vulnerabilities
in the other MTAs/MDAs.  And the fact that we are talking about remote
execution potentially as root in this case really does not hold much
water in my thinking either.  If that is the argument, then we better
toss bind (VU#955777, Apr 25), sshd and who knows how many other
programs which have had similar vulnerabilities over the past year or
two.  Yea, some run chroot, but not all.  And pretty soon (given the
traffic over the years on the various security lists which I receive),
we will find we don't need to buy those network cards, and then the
nice monitors, etc. and we will be back in the old System 3 days, if
we are lucky.  But in all seriousness, if it is the fact that sendmail
had to be updated, I will point out that the update still had to be
done in pkgsrc.  What is more, the new version was available the day
that VU#834865 was announced (Mar 22).  But, I will say that I
honestly don't know what the reasoning was, and so, I find myself
wondering what the announcement will be.

> > Yeah, I know -current isn't supposed to work all the time, but I usually
> > try to let people know when things are quite broken (like sendmail or
> > nfs for example in the last week).
> >
> > I am probably the one of the few unhappy about this whole thing, but I
> > thought I should probably let someone know.
> Absolutely.  We expect there to be some fallout, and concrete
> constructive information from users about what breaks for them is
> valuable.

Likewise, I will say that I realize that -current will not build, run,
etc. etc. all the time.  I have known that about NetBSD since I
started using NetBSD in the pre-1.0 days.  Of course, there are also
those times when I built a heavy use machine such as a desktop for
work using -current, and had uptimes of over a year when I could never
seem to get the spare time to update the machine.  But then, hopefully
by now it is realized that my point was that we had what is
essentially a major change (can you call this otherwise, when you
replace one MTA/MDA with a totally different MTA/MDA?) in what has been a
subsystem of BSD since before BSD 4.4.  Shoot, there was more public
discussion about switching to GCC 4 before the change than there was
on this change.

`Nuff said on my part.

- Doug

Douglas Wade Needham - KA8ZRT        UN*X Consultant & UW/BSD kernel progra=
Email:  cinnion @ ka8zrt . com
Disclaimer: My opinions are my own.  Since I don't want them, why
            should my employer, or anybody else for that matter!=20

Content-Type: application/pgp-signature
Content-Disposition: inline

Version: PGPfreeware 5.0i for non-commercial use
MessageID: NG6KZn+t7nvHw86NHiM9sHtj3uI+UtYN