We need a new subject- bug fixes

Rahul Sundaram sundaram at fedoraproject.org
Sun Mar 4 21:18:41 UTC 2007


Les Mikesell wrote:

> OpenOffice is the particular thing I had in mind, but I suspect there 
> are others.  I'm not talking about additional packages - this is in 
> reference to your comment about not deviating from upstream.

Again probably licensing reasons. I made no absolute statements that no 
packages ever deviate. I said that Fedora packages generally avoid 
patches and I stand by that.

>> 3) Security. Daemons connecting to external ports by default is a bad 
>> idea. Well documented reasons. Configuration changes are easier to 
>> manage compared to other kind of patches too.
> 
> I suppose if you break a program's intended functionality there's not so 
> much to maintain.  That doesn't seem like a great thing to do, though, 
> especially without providing an easy/obvious way to undo it.  In any case 
> it is hard to imagine any 'upstream' version of sendmail ever delivered 
> with that configuration.

Perhaps you need to actually check instead of speculating what upstream 
does. Sendmail is enabled by default but not configured to connect to 
external ports in order to deliver local mail for root user but avoid 
the additional security issues with connecting to external ports by 
default. If there is a security hole in sendmail and it connects to 
external ports by default, it is remotely exploitable. If it only connects 
to local host, then the security risk is lowered. I don't see how this is 
breaking any functionality since this is a well documented configuration 
change for security reasons. It is trivially easy to uncomment a line 
and configure sendmail to connect to external ports. What exactly are 
you suggesting?

Rahul
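
The loopback-only default discussed in the message above can be checked mechanically. The following is an added example, not part of the original post or of Fedora's packaging: it assumes the `DAEMON_OPTIONS` m4 macro syntax used in `sendmail.mc`, and the sample fragments and function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sendmail.mc fragments (m4 syntax); not taken from a real host.
LOOPBACK_MC = """\
dnl # Listen on the IPv4 loopback address only.
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
dnl DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl
"""
EXPOSED_MC = """\
dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
DAEMON_OPTIONS(`Family=inet6, Port=smtp, Addr=::1, Name=MTA-v6')dnl
"""

DAEMON_RE = re.compile(r"DAEMON_OPTIONS\(`([^']*)'\)")

def active_listeners(mc_text):
    """Return one option dict per DAEMON_OPTIONS line that m4 will expand."""
    listeners = []
    for line in mc_text.splitlines():
        # A leading dnl makes m4 discard the line, so that listener is off.
        if line.lstrip().startswith("dnl"):
            continue
        for body in DAEMON_RE.findall(line):
            opts = {}
            for pair in body.split(","):
                key, _, value = pair.partition("=")
                opts[key.strip().lower()] = value.strip()
            listeners.append(opts)
    return listeners

def is_loopback_only(opts):
    """True only when Addr is present and parses as a loopback IP address."""
    try:
        return ipaddress.ip_address(opts.get("addr", "")).is_loopback
    except ValueError:
        return False  # no Addr, or a hostname: conservatively count as exposed

def exposed_listeners(mc_text):
    """Names of active listeners not restricted to loopback."""
    listeners = active_listeners(mc_text)
    if not listeners:
        # With no DAEMON_OPTIONS at all, sendmail listens on every interface.
        return ["(built-in default)"]
    return [o.get("name", "?") for o in listeners if not is_loopback_only(o)]

if __name__ == "__main__":
    for label, text in (("loopback", LOOPBACK_MC), ("exposed", EXPOSED_MC)):
        print(label, exposed_listeners(text))
```

An empty result means every active listener is bound to a loopback address; any name returned is a listener reachable from other hosts.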



