On Thu, 2019-06-20 at 20:33 +0200, Philipp Kern wrote:
On 20/06/2019 09:50, Ansgar Burchardt wrote:
> Ansgar Burchardt writes:
> > (I don't maintain debootstrap.)
> >
> > I don't think it is a good idea to require debootstrap to know about
> > such details.
> >
> > For limiting network access, I would recommend instead using network
> > namespaces (to only provide limited network access for all processes)
> > and/or user namespaces (if filtering for single UIDs is really needed).
> > These do not require any uids to match between in- and outside.
>
> And sadly the submitter's address bounced my mail as the mail provider
> the submitter uses cannot parse RFC-5321 mail addresses correctly.
Well, you can use -submitter@ if you already know that your domain is
problematic. Even re-reading the RFC I'm not sure why that's a bug.
RFC
5321 references RFC 1035's definition of the label, which specifies
that
a <letter> needs to be first in the label.
[...]
No, RFC 1035 says that starting each label with a letter "will result
in fewer problems with many applications". But RFC 1123 says a label
*can* begin with a digit, and that there is no ambiguity with IP
literals because TLDs start with a letter.