Re: Re: RFC: Making mail-transport-agent Priority: optional
On Thu, Oct 13, 2011 at 10:17:38AM +0200, Bernhard R. Link wrote:
> * Josh Triplett <email@example.com> [111013 05:51]:
> > Users can easily install an MTA; why do they need one *by default* on
> > every Debian system they install?
> Because the system is not in a useful state without. If you want to
> cripple your system, just deinstall it.
I find my Debian system remarkably useful. "not in a useful state"
doesn't say much, except that you're rather attached to having a local
MTA. Perhaps you could provide a concrete reason why you want an MTA
installed *by default*? Again, a user can easily install one, and other
packages can depend on an MTA if they absolutely need one, or recommend
or suggest one if they would benefit from one; no different than any
> > The main reasons to stop having an MTA in standard:
> > - Listening on ports by default, which exposes the system to any
> > potential vulnerabilities, as well as potentially allowing the sending
> > of spam. I've checked, and out of all the packages with priority
> > standard or above, only exim and isc-dhcp-client listen on ports by
> > default. Removing an MTA significantly reduces the attack surface of
> > a default Debian system.
> Last I checked, exim does not listen to things on the outside by
> default. (Though I had nothing against it no longer listening
> on tcp, as long as it still accepts mails)
It does indeed listen on localhost by default; however, that still
provides an avenue for local privilege escalation, via vulnerabilities
like DSA-2131-1. Also, Debian encourages users to reconfigure exim so
that it supports sending non-local mail, and that reconfiguration can
end up with exim listening for outside connections.
> > - Asking configuration questions via debconf at install time, which
> > increases the amount of work and complexity required to install
> > Debian. For most users, these questions will duplicate the process
> > they later go through to configure their MUA.
> People have different needs here. There really is no "one size fits
> all". Your whole argument of not wanting one being started at most
> means there is one option missing.
Luca Capello just informed me that exim thankfully no longer asks
configuration questions at install time, so feel free to ignore this
> > - Taking time to download and install, which increases the time and
> > bandwidth needed to install or upgrade a Debian system.
> Please drop the "upgrade". If you deinstall it there is no cost at
> > - Running a daemon all the time, which takes up RAM.
> Then do not start it.
> > - Taking up space on disk, as with any other package installed but not used.
> Then deinstall it.
> > - Taking up space in the process listing; the more programs a system
> > runs that it doesn't use, the longer it takes to look over the output
> > of "ps auxf" or top.
> Then do not start it.
> > - Similarly, taking up space in the list of installed packages, the
> > apt-listchanges output, and so on. Any package installed but not used
> > incurs a small but non-zero amount of mental overhead.
> Then deinstall it.
Every point you just stated applies equally well to every daemon we
don't install by default; you haven't given any reason why an MTA needs
to exist by default.
> Please note that an MTA perfectly fits into the
> 'If the expectation is that an experienced Unix person who found it
> missing would say "What on earth is going on, where is foo?", it must
> be an important package.' criterion. So only having priority standard
> is already a compromise (and I guess historically due to there being
> alternative implementations).
Given the prevalence of LAMP, quite a few people might say "What on
earth is going on, where is mysql?". They then promptly install it,
without inflicting it on people by default.
More seriously, "what on earth is going on, where is foo?" applies quite
well to things like ps, a pager, an editor, and many other things
hard-wired into people's command-line finger memory. Why does an MTA
fall in that category? Remembering the good old days of multiuser
systems with vibrant local mail conversations will not bring them back.
Local mail exists primarily for historical reasons and inertia, and we
can fix the former. Your mail demonstrates rather a lot of the latter.
> I'm all for having minimal dependencies to make deinstalling stuff one
> does not like or want easier. But defaults should be something
Since we clearly disagree about what "reasonable" means, let's stick to
more concrete points. :)
- Josh Triplett