On Tue, 16 Dec 2014, Santiago Vila wrote:

> My objection is that policy says that the conffile mechanism is only
> appropriate for files having a default that may work for everybody,
> and the rationale is that if most people need to modify it, then most
> people will get prompted on upgrades over and over again.


The package has to ship some kind of default or the server will not start. As you say there isn't a default which will satisfy everyone so we expect it to be changed by many users. But with normal operation of dpkg, new versions of the package will silently overwrite the changes. The only way to prevent this is to make it a conffile.

> The current default disables SSL, which is insecure. We can't honestly
> claim that an insecure default "will work for most people".

Sure it will. You will be able to receive IMAP and POP3 mail which is what an imapd/pop3d does. As a "best practice" you _should_ do IMAP/POP3 over SSL but it is not required. And I fully agree that in this day and age the more encryption working out of the box the better. But this has to be done right because half-assed security is worse than no security at all. There are many different scenarios: self-signed certificate versus purchased from a CA, different locations, different expiration policies etc. The previous code was not accounting for all of this properly. So the only configuration the package can ship which will definitely work for all people is SSL disabled.

At least now a security-minded user knows where he stands and can harden the package the way he wants.

I encourage you to work on a centralized SSL cert handling facility for Debian that not only dovecot but all server packages can use. I will gladly use it.

--
Jaldhar H. Vyas <jald...@debian.org>

