On Thu, 2019-06-20 at 20:33 +0200, Philipp Kern wrote:
> On 20/06/2019 09:50, Ansgar Burchardt wrote:
> > Ansgar Burchardt writes:
> > > (I don't maintain debootstrap.)
> > >
> > > I don't think it is a good idea to require debootstrap to know about
> > > such details.
> > >
> > > For limiting network access, I would recommend instead using network
> > > namespaces (to only provide limited network access for all processes)
> > > and/or user namespaces (if filtering for single UIDs is really needed).
> > > These do not require any uids to match between in- and outside.
> >
> > And sadly the submitter's address bounced my mail as the mail provider
> > the submitter uses cannot parse RFC-5321 mail addresses correctly.
>
> Well, you can use -submitter@ if you already know that your domain is
> problematic. Even re-reading the RFC I'm not sure why that's a bug. RFC
> 5321 references RFC 1035's definition of the label, which specifies that
> a <letter> needs to be first in the label.
[...]

No, RFC 1035 says that starting each label with a letter "will result in
fewer problems with many applications". But RFC 1123 says a label *can*
begin with a digit, and that there is no ambiguity with IP literals
because TLDs start with a letter.

Ben.

-- 
Ben Hutchings
Beware of programmers who carry screwdrivers. - Leonard Brandwein
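
The label rules discussed in the message above, as an added example that is not part of the original thread or of any project mentioned in it: a validator that separates names valid under the RFC 1035 preferred syntax from names that are valid only under the RFC 1123 relaxation, and that keeps dotted-quad IP literals apart by requiring the top-level label to start with a letter. The function names, the result strings and the sample hostnames are constructed for illustration.

```python
import re

# RFC 1035 preferred name syntax: every label starts with a letter.
RFC1035_LABEL = re.compile(r"[A-Za-z]([A-Za-z0-9-]*[A-Za-z0-9])?")
# RFC 1123 relaxation: the first character may be a letter or a digit.
RFC1123_LABEL = re.compile(r"[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?")
DOTTED_QUAD = re.compile(r"\d{1,3}(\.\d{1,3}){3}")


def _labels(name):
    # A single trailing dot (fully qualified form) is allowed and ignored.
    return name[:-1].split(".") if name.endswith(".") else name.split(".")


def _all_match(name, pattern):
    # Length limits: 63 octets per label, 253 characters for the whole name.
    return 0 < len(name) <= 253 and all(
        len(label) <= 63 and pattern.fullmatch(label)
        for label in _labels(name))


def classify(host):
    """Return 'ipv4', 'rfc1035', 'rfc1123-only' or 'invalid'."""
    if DOTTED_QUAD.fullmatch(host):
        octets_ok = all(int(octet) <= 255 for octet in host.split("."))
        return "ipv4" if octets_ok else "invalid"
    if _all_match(host, RFC1035_LABEL):
        return "rfc1035"
    # Digit-first labels are accepted, but the top-level label must start
    # with a letter, so an accepted name can never look like a dotted quad.
    if _all_match(host, RFC1123_LABEL) and _labels(host)[-1][0].isalpha():
        return "rfc1123-only"
    return "invalid"


# Constructed sample inputs, not taken from the thread.
SAMPLES = ["example.org", "1example.org", "mail.1example.org",
           "192.0.2.1", "192.0.2.999", "example.123", "-bad.example"]

if __name__ == "__main__":
    for host in SAMPLES:
        print(f"{host:20} {classify(host)}")
```

A mail address parser that accepts only the "rfc1035" class rejects every domain in the "rfc1123-only" class.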