[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Re: RFC: Making mail-transport-agent Priority: optional

Bjørn Mork wrote:
> Josh Triplett <josh@joshtriplett.org> writes:
>> What would it take to make this change?
> Changing the LSB.  Or you need to keep the sendmail interface.  Which is
> what mail-transport-agent provides.

lsb-core provides the LSB interface, and it has priority extra, not
standard.  It already has a dependency on an MTA, along with
dependencies on a large pile of other programs and libraries with
priorities lower than standard.  So, as far as I can tell the LSB does
not specify what appears in standard, and removing an MTA from standard
would not affect lsb-core in any way.

>>  Have I missed any important points?
> You forgot to explain the upside, reason, why, gain, whatever.

Re-reading my original mail, you're right, I do seem to have missed
covering that point explicitly.  Thanks. :)

The main reasons to stop having an MTA in standard:

- Starting a daemon at boot time, which slows down booting.  This led me
  to notice the problem in Debian Live: it took a non-trivial amount of
  time for the boot process to finish starting exim and move on.

- Listening on ports by default, which exposes the system to any
  potential vulnerabilities, as well as potentially allowing the sending
  of spam.  I've checked, and out of all the packages with priority
  standard or above, only exim and isc-dhcp-client listen on ports by
  default.  Removing an MTA significantly reduces the attack surface of
  a default Debian system.

- Asking configuration questions via debconf at install time, which
  increases the amount of work and complexity required to install
  Debian.  For most users, these questions will duplicate the process
  they later go through to configure their MUA.

- Taking time to download and install, which increases the time and
  bandwidth needed to install or upgrade a Debian system.

- Running a daemon all the time, which takes up RAM.

- Taking up space on disk, as with any other package installed but not used.

- Taking up space in the process listing; the more programs a system
  runs that it doesn't use, the longer it takes to look over the output
  of "ps auxf" or top.

- Similarly, taking up space in the list of installed packages, the
  apt-listchanges output, and so on.  Any package installed but not used
  incurs a small but non-zero amount of mental overhead.

Users can easily install an MTA; why do they need one *by default* on
every Debian system they install?

>>  Would any other packages need changes, other than the ones I've
>> mentioned above?
> all packages with cron jobs,

...which produce output to somewhere other than a log file, in some
scenario other than "being buggy and accidentally producing output", and
which expect end users to read their output, and which therefore expect
that the end user has configured root's mail to go somewhere they'll
actually read.  In any case, cron can still suggest an MTA, and any
package which absolutely needs a working MTA can depend on one (and add
giant warnings that they require a *working* MTA configuration, which a
depends does not guarantee).

> all 3rd party applications assuming an UNIX
> environment, ++

By which you mean having a sendmail binary?  If you mean the LSB again,
LSB support requires installation of lsb-core, which depends on an MTA.
If you mean third-party applications in .deb form, they should depend on
an MTA if they need one.  And otherwise, installing third-party
applications outside the package manager frequently requires installing
additional supporting packages to provide expected interfaces, and
having a working sendmail seems no different.

And on top of all of that, nothing guarantees that the sendmail binary
can actually send mail outside the local system.  The admin will still
need to know that the program they install wants to send mail with
sendmail, so that they know not to say "local delivery only".

> The reasons are all explained in the release notes.

Which release notes do you mean?  I don't see anything about exim or
mail-transport-agent in the Debian squeeze release notes (other than the
large table of various package versions in Debian, which includes
notable packages of many different priorities).

> Why not remove syslog as well?  I'm pretty sure there are plenty of end
> users never ever looking at a log file.

Among other things, most daemons log information to log files (as
opposed to mail).  In any case, I'm specifically proposing moving an MTA
out of standard, not anything else at the moment. :)

- Josh Triplett

Reply to: