On Thursday 29 July 2004 12:17, Bill Campbell wrote:
On Mon, Jul 26, 2004, Simon Mudd wrote:
Hello all,
Are there any packaging guidelines for building RPM packages? Not how
to build the rpm, but how to make a freshly installed package
behave.
The reason that I ask is that I've been looking at the OpenPKG Postfix
RPM and notice that, as installed, it will NEVER work correctly,
something contrary to how the author expects his software to be
installed[1].
Specifically:
- the provided main.cf configuration file only allows connections from
and to address 127.0.0.1 effectively disabling all non-local network
activity.[2]
This is intentional, for the same reason that SuSE and others have their
default configurations listening only on localhost, to prevent the clueless
from accidentally opening services that may be abused or exploited from the
outside world.
- the provided main.cf configuration file specifically sets various
dummy configuration values which are WRONG (in the sense that if not
changed they will generate errors). mydomain and myhostname are
examples.
Again this is intentional. One could change the example.com to the base
domain name, and the myhostname to the output of the ``hostname'' command,
but this can cause problems using ``hostname'' as that varies amongst *nix
systems (e.g. SuSE = 8.0 returns the short hostname, not the FQDN). One
could do something automatic using a perl script with ``use Net::Domain;''
to handle things like this or use the coreutils ``ghostname'' to do the
same thing.
...
For experienced users seeing what to change is not a problem, but it
seems that this is not helpful for users new to the software.
Letting totally inexperienced users do things they don't understand with
programs that can be abused and exploited from the Internet may not be a
very Good Idea(tm). Granted that the postfix default configuration is
pretty tight, the overall philosophy is to require people to think a little
before opening services to the world.
Microsoft's philosophy of making things easy to use for the clueless has
worked very well don't you think? It's responsible for the vast majority
of spam and network abuse that plagues the Internet today.
Not providing the package's own documentation (although man pages are
included) is unhelpful.
I tend to agree with that for many packages, but I don't think that's the
case isth postfix as it has full man pages, and the examples are well
commented.
...
I'd like to help address the specific Postfix issues I've seen (which
should be trivial), but want to make sure that I'm not overlooking
something.
Postfix is one of the OpenPKG packages that I modify before using, mostly
because I've added a ``/bin/rpm'' package, openpkg-postfix'', to the
postfix package that installs when ``/bin/rpm'' is found that ``Obsoletes:
postfix'' and ``Provides: smtp_daemon''. This works around a problems on
SuSE systems which will automatically reinstall their postfix if it's
removed because other SuSE RPMS require the ``smtp_daemon''.
Bill
--
INTERNET: [EMAIL PROTECTED] Bill Campbell; Celestial Software LLC
UUCP: camco!bill PO Box 820; 6641 E. Mercer Way
FAX:(206) 232-9186 Mercer Island, WA 98040-0820; (206)
236-1676 URL: http://www.celestial.com/
The cry has been that when war is declared, all opposition should
therefore be hushed. A sentiment more unworthy of a free country could
hardly be propagated. If the doctrine be admitted, rulers have only to
declare war and they are screened at once from scrutiny ... In war,
then, as in peace, assert the freedom of speech and of the press.
Cling to this as the bulwark of all our rights and privileges.
-- William Ellery Channing
__
The OpenPKG Projectwww.openpkg.org
User Communication List [EMAIL PROTECTED]
Deze e-mail is door E-mail VirusScanner van Planet Internet gecontroleerd
op virussen. Op http://www.planet.nl/evs staat een verwijzing naar de
actuele lijst waar op wordt gecontroleerd.
That is funny, I unsubscribed yesterday with receiving:
From: [EMAIL PROTECTED]
Your approval mail has been received and been processed sucessfully.
d'omt want to receive any e-mail anymore help please
Deze e-mail is door E-mail VirusScanner van Planet Internet gecontroleerd op
virussen.
Op http://www.planet.nl/evs staat een verwijzing naar de actuele lijst waar op
wordt gecontroleerd.
--
Vriendelijke groeten / Kind regards,
Ruud Koendering
Sr. Programme / Project Manager
De Wickelaan 11
2265 DG Leidschendam
Netherlands / Nederland
__
Tel/Phone: +31(0)70 3271506
Mob/Mob: +31(0)6 4137 2381