1 |
On 12/14/19 11:53 PM, Ralph Seichter wrote: |
2 |
> |
3 |
> Of the three packages you mentioned, milter-regex (not regex-milter) is |
4 |
> the only one with a name that actually contains "milter". OpenDMARC |
5 |
> should never have user a user named milter in the first place, and in |
6 |
> the future it should use "opendmarc". |
7 |
> |
8 |
> Besides, since nobody has claimed group/user "milter" before me, I think |
9 |
> this falls under first come, first serve. |
10 |
|
11 |
I agree that milter-regex has the strongest claim to the username. All |
12 |
I'm saying is that until opendmarc updates to GLEP81, changes its |
13 |
username, and all of its old versions have been purged from the tree... |
14 |
|
15 |
(a) we still have a dumb security vulnerability, in that these daemons |
16 |
can modify each others' files; and |
17 |
|
18 |
(b) you have to be careful not to do anything in acct-user/milter that |
19 |
could break someone's opendmarc setup, because now reinstalling |
20 |
acct-user/milter will reset all of the settings for its user (see |
21 |
the mythtv thread from today about this). |