exim4 & spf: #377034 & #258210

To: debian-devel@lists.debian.org
Subject: exim4 & spf: #377034 & #258210
From: Alexander Vlasov <zulu@gala.net>
Date: Thu, 06 Jul 2006 16:03:37 +0300
Message-id: <1152191018.14868.214.camel@zulu.x.gala.>

Hello.

I filed a wishlist[1] on exim4 package asking to enable SPF[2] in
exim4-daemon-heavy package, but maintainer rejected it and recommended
me discuss this situation on debian-devel@, so I beg to ask your
attention.

Currently, debian ships two versions of exim4 -- light with absolutely
minimal feature set and heavy with (almost) all features enabled. But it
misses one important feature -- SPF support.

Maintainer explained his point back in 2004 in bug report #258210 [3]

---cite---
Now to the main point: Why won't I link exim against libspf?

* SPF imho has not reached the necessary amount of
standardization an acceptance for inclusion in a Debian/stable
release, it is still in flux.

* I do not want to drag in another library dependency.

* Checking with spfd http://packages.debian.org/libmail-spf-query-perl
instead of exiscan's spf-condition offers the same functionality,
afaict.

* spamassassin 3.0 will include SPF support, too.

* I do not want to encourage SPF because I am not convinced of its
benefits. (Discussion and links on benefits and downsides of SPF are
not listed here intentionally.)
---cite ends---

But I have some objections: 
1) first reason is not true anymore. Since
2004 SPF has a lot of testing; 

2) even inclusion of spf doesn't break
anything; nobody is forced to use spf tests. 

3) another library dependency is not a problem at all. 
a) libspf2 is as large as 48k and
b) exim4-daemon-heavy already depends on a lot of libraries.

4) spf-checking daemon isn't adequate replacement for built-in ACL SPF
support; running mail cluster I have to launch an instance of daemon on every node.

5) exim has a lot of installations and some admins ARE convinced of spf
benefits. Generally, If we have libspf in Debian, why should we disable
using it in applications? Just let people decide to use or not use spf;
don't make descisions for users.

Well, maybe I'm wrong, but in my opinion Debian is about freedom; no
one should make descisions for users just because he isn't sure.


So can please someone explain me what should I do now? Am I wrong
disturbing maintainer with this requests? Or perhaps could someone
explain him he is wrong?


Thanks a lot.




[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=377034
[2] http://www.openspf.org/
[3] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=258210

-- 
Alexander Vlasov
ZULU-UANIC
JID: zulu <at> jabber.kiev.ua

Reply to:

Follow-Ups:
- Re: exim4 & spf: #377034 & #258210
  - From: md@Linux.IT (Marco d'Itri)

Prev by Date: Re: Poor quality of multipath-tools
Next by Date: Orphaning blam
Previous by thread: Re: cdrtools
Next by thread: Re: exim4 & spf: #377034 & #258210
Index(es):
- Date
- Thread