Re: Bug#510415: tech-ctte: Qmail inclusion (or not) in Debian

[Ian Jackson <ian@davenant.greenend.org.uk>]

Raphael Hertzog writes ("Bug#510415: tech-ctte: Qmail inclusion (or not) in Debian"):
> On Thu, 01 Jan 2009, Joerg Jaspert wrote:
> > Yet, we do see that there are people who want Qmail, and instead of
> > maintaining it in an own repository want it in Debian. As it is unlikely
> > that the positions of the Qmail supporters and us will change soon to
> > let us find a solution that works for both sides (the positions are
> > basically black and white here), we ask you to help resolve it,
> > by a ruling on this matter, following Constitution §6.1.3.
> 
> What constitutes for you a solution that works for both sides?  

I think you have misread Joerg.  I did the same at first.  Joerg is
saying that he thinks that there is _not_ any sensible compromise and
_not_ anything that will work for both sides.

I think I agree but of course I'm open to suggestions.

> Gerrit is not available until end of january so it seems rather badly
> timed to bring this request forward now giving no chance to Gerrit to
> give his arguments.

I think for this reason we should wait until Gerrit has a chance to
respond to these emails.  In the meantime the ftpmaster's decision
should stand, clearly.

> > - several shortcomings related to the MTA behaviour, including the
> >   backscatter spam issue, failing to use secondary MXs, ignoring
> >   RFC1894, and unbundling of outgoing messages (yay for traffic/resource
> >   waste)[2], thus being unsupportably buggy (Policy 2.2.1)
> 
> All those are good reasons to not choose the software as a user but not to
> not include them in Debian. We don't know how our users are going to use
> it and there might be use cases where those shortcomings are not
> problematic.

I think this is a dangerous line of argument.  Many of Qmail's
behaviours are terrible in the global Internet and we have no
effective way to prevent (or even warn) our users from running Qmail
in that situation.

Indeed practically the only reason why people want Qmail is because
they believe the hype about how ultra secure it is - which is relevant
(if you believe it) in precisely the circumstances where Qmail's
problems are most severe.


Joerg Jaspert writes ("Bug#510415: tech-ctte: Qmail inclusion (or not) in Debian"):
> [Raphael:]
> > Why "no real"? Did Gerrit commit to something? 
> 
> DJB isn't doing it. Some others seem to maintain some set of patches.

Is there anything resembling an upstream maintenance community - a
mailing list they all use or something ?  I'd be interested to see its
archives.


Kalle Kivimaa writes ("Re: Bug#510415: tech-ctte: Qmail inclusion (or not) in Debian"):
> I think the more abstract question here is:
> 
> If a software easily causes problems for other machines in a network,
> should that software be allowed into Debian, even if the software
> doesn't bring any new functionality?

Yes, I think that's an excellent way to put the question.  The answer
is obviously `no'.

Either steps need to be taken to prevent these problems (for the
network as a whole, for other parts of Debian who need to interact
with the package, and for the user who runs it) - or the package
should not be included.


Ian.