[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Re: RFC: Making mail-transport-agent Priority: optional

* Josh Triplett <josh@joshtriplett.org> [111013 05:51]:
> Users can easily install an MTA; why do they need one *by default* on
> every Debian system they install?

Because the system is not in a useful state without. If you want to
cripple your system, just deinstall it.

> The main reasons to stop having an MTA in standard:
>
> - Listening on ports by default, which exposes the system to any
>   potential vulnerabilities, as well as potentially allowing the sending
>   of spam.  I've checked, and out of all the packages with priority
>   standard or above, only exim and isc-dhcp-client listen on ports by
>   default.  Removing an MTA significantly reduces the attack surface of
>   a default Debian system.

Last I checked, exim does not listen to things on the outside by
default. (Though I had nothing against it no longer listening
on tcp, as long as it still accepts mails)

> - Asking configuration questions via debconf at install time, which
>   increases the amount of work and complexity required to install
>   Debian.  For most users, these questions will duplicate the process
>   they later go through to configure their MUA.

People have different needs here. There really is no "one size fits
all". Your whole argument of not wanting one being started at most
means there is one option missing.

> - Taking time to download and install, which increases the time and
>   bandwidth needed to install or upgrade a Debian system.

Please drop the "upgrade". If you deinstall it there is no cost at
upgrading.

> - Running a daemon all the time, which takes up RAM.

Then do not start it.

> - Taking up space on disk, as with any other package installed but not used.

Then deinstall it.

> - Taking up space in the process listing; the more programs a system
>   runs that it doesn't use, the longer it takes to look over the output
>   of "ps auxf" or top.

Then do not start it.

> - Similarly, taking up space in the list of installed packages, the
>   apt-listchanges output, and so on.  Any package installed but not used
>   incurs a small but non-zero amount of mental overhead.

Then deinstall it.

Please note that an MTA perfectly fits into the
'If the expectation is that an experienced Unix person who found it
missing would say "What on earth is going on, where is foo?", it must
be an important package.' criterion. So only having priority standard
is already a compromise (and I guess historically due to there being
alternative implementations).

I'm all for having minimal dependencies to make deinstalling stuff one
does not like or want easier. But defaults should be something
reasonable.

	Bernhard R. Link
Reply to: