Date: Tue, 30 Jan 2024 21:54:38 -0800
From: Cy Schubert <Cy.Schubert@cschubert.com>
To: Larry Rosenman <ler@FreeBSD.org>
Cc: Cy Schubert <Cy.Schubert@cschubert.com>, ports-committers@freebsd.org, dev-commits-ports-all@freebsd.org, dev-commits-ports-main@freebsd.org
Subject: Re: git: 94eda313a9d5 - main - mail/dovecot: add LDAP as a default option
Message-ID: <20240131055438.BBDFC307@slippy.cwsent.com>
In-Reply-To: <f87acd48c73fc9296e6ba3a40eccc010@FreeBSD.org>
References: <202401310117.40V1HFmD014823@gitrepo.freebsd.org> <20240131050508.5BF6F240@slippy.cwsent.com> <f87acd48c73fc9296e6ba3a40eccc010@FreeBSD.org>

In message <f87acd48c73fc9296e6ba3a40eccc010@FreeBSD.org>, Larry Rosenman writes:
> On 01/30/2024 11:05 pm, Cy Schubert wrote:
> > In message <202401310117.40V1HFmD014823@gitrepo.freebsd.org>, Larry
> > Rosenman writes:
> >> The branch main has been updated by ler:
> >>
> >> URL:
> >> https://cgit.FreeBSD.org/ports/commit/?id=94eda313a9d5acc5ff8d00fec7a51862f3e346da
> >>
> >> commit 94eda313a9d5acc5ff8d00fec7a51862f3e346da
> >> Author: Larry Rosenman <ler@FreeBSD.org>
> >> AuthorDate: 2024-01-31 01:15:05 +0000
> >> Commit: Larry Rosenman <ler@FreeBSD.org>
> >> CommitDate: 2024-01-31 01:17:13 +0000
> >>
> >> mail/dovecot: add LDAP as a default option
> >>
> >> PR: 276741
> >> Requested by: seichan-ml@wakhok.ne.jp
> >
> > What's the compelling reason for this? The PR doesn't say why this
> > would benefit everyone and doesn't explain if any negative impacts were
> > non-existent or mitigated in any way. IMO someone asking for a feature or
> > option without an analysis of impact can possibly result in a POLA
> > situation.
> >
> > Why and will this cause any POLA?
>
> POLA shouldn't be a problem except for the ldap-client lib. As to why,
> I didn't want to go through the argument with the user. I can revert it
> if you want.

I just need to understand the rationale. It's not apparent to me.

>
> I really want a way to split our packages like the dovecot folks do for
> Linux, but I don't have that understood yet.
>
> As I said, if the project wants me to revert it, I can.

I use dovecot on my exterior gateway machine. It does not use my LDAP directory nor KRB5 realm in order to insulate those services in case this machine is compromised. If this requires my Internet-facing machine to use my LDAP directory (+ KRB5 realm) this may be an issue. It may also be an issue for those in similar circumstances. I don't use LDAP on my exterior machine to reduce risk to the directory should that machine be compromised.

With LDAP enabled in the software, will I and those who don't use LDAP have to hook into an LDAP directory? Or does this simply add an option?

--
Cheers,
Cy Schubert <Cy.Schubert@cschubert.com>
FreeBSD UNIX: <cy@FreeBSD.org> Web: https://FreeBSD.org
NTP: <cy@nwtime.org> Web: https://nwtime.org

e^(i*pi)+1=0