From nobody Wed Jan 31 05:54:38 2024 X-Original-To: dev-commits-ports-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4TPrpT4D13z58VjR; Wed, 31 Jan 2024 05:54:41 +0000 (UTC) (envelope-from cy.schubert@cschubert.com) Received: from omta002.cacentral1.a.cloudfilter.net (omta002.cacentral1.a.cloudfilter.net [3.97.99.33]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "Client", Issuer "CA" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4TPrpT1nDcz4jHS; Wed, 31 Jan 2024 05:54:41 +0000 (UTC) (envelope-from cy.schubert@cschubert.com) Authentication-Results: mx1.freebsd.org; none Received: from shw-obgw-4003a.ext.cloudfilter.net ([10.228.9.183]) by cmsmtp with ESMTPS id UqiKr6DTMGAIJV3YWrDYJa; Wed, 31 Jan 2024 05:54:40 +0000 Received: from spqr.komquats.com ([70.66.152.170]) by cmsmtp with ESMTPSA id V3YVrAwQaByQrV3YVrRDrA; Wed, 31 Jan 2024 05:54:40 +0000 X-Authority-Analysis: v=2.4 cv=UOF+Hzfy c=1 sm=1 tr=0 ts=65b9e0a0 a=y8EK/9tc/U6QY+pUhnbtgQ==:117 a=y8EK/9tc/U6QY+pUhnbtgQ==:17 a=kj9zAlcOel0A:10 a=dEuoMetlWLkA:10 a=6I5d2MoRAAAA:8 a=YxBL1-UpAAAA:8 a=EkcXrb_YAAAA:8 a=d17H0i62APlKSV3jG2AA:9 a=CjuIK1q_8ugA:10 a=IjZwj45LgO3ly-622nXo:22 a=Ia-lj3WSrqcvXOmTRaiG:22 a=LK5xJRSDVpKd5WXXoEvA:22 Received: from slippy.cwsent.com (slippy [10.1.1.91]) by spqr.komquats.com (Postfix) with ESMTP id CC40C17B1; Tue, 30 Jan 2024 21:54:38 -0800 (PST) Received: by slippy.cwsent.com (Postfix, from userid 1000) id BBDFC307; Tue, 30 Jan 2024 21:54:38 -0800 (PST) X-Mailer: exmh version 2.9.0 11/07/2018 with nmh-1.8+dev Reply-to: Cy Schubert From: Cy Schubert X-os: FreeBSD X-Sender: cy@cwsent.com X-URL: http://www.cschubert.com/ To: Larry Rosenman cc: Cy Schubert , ports-committers@freebsd.org, dev-commits-ports-all@freebsd.org, dev-commits-ports-main@freebsd.org Subject: Re: git: 94eda313a9d5 - main - mail/dovecot: add LDAP as a default option In-reply-to: References: <202401310117.40V1HFmD014823@gitrepo.freebsd.org> <20240131050508.5BF6F240@slippy.cwsent.com> Comments: In-reply-to Larry Rosenman message dated "Tue, 30 Jan 2024 23:44:37 -0600." List-Id: Commits to the main branch of the FreeBSD ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-ports-main@freebsd.org X-BeenThere: dev-commits-ports-main@freebsd.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Tue, 30 Jan 2024 21:54:38 -0800 Message-Id: <20240131055438.BBDFC307@slippy.cwsent.com> X-CMAE-Envelope: MS4xfOORHtcct11vPkWo76Gr2qli+TzAx8sL20vf7BLfu7fNdPridg9iW+b84ZNkAPaElb3JDfp83U/Fe4w8VJ5C/7Y2KYIhFzAV3Tgf5amLDjqcHdtr1hPC 5Kw+98x5r5xph7WmpsUZ7+ijK08/AaN0X9ZJB8N7BnRZyyhmYe1DvfSfn/QUbbZVVThwJaG03QUOEcvhaBx8hG5HB1qkqdj2na65bSj3KOM3neKsZYUBP/oI QM7rB68c5/ogqhlUgNRHASMacno7D+XEdgXuFhlZX9dq5D3xrClvxeUEjWZ0s/ItSOSzcBkcvmhVSyTO7dIw1C9Nt6LKnynH/R0MT/bNkcU= X-Rspamd-Queue-Id: 4TPrpT1nDcz4jHS X-Spamd-Bar: ---- X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:16509, ipnet:3.96.0.0/15, country:US] In message , Larry Rosenman write s: > On 01/30/2024 11:05 pm, Cy Schubert wrote: > > In message <202401310117.40V1HFmD014823@gitrepo.freebsd.org>, Larry > > Rosenman wr > > ites: > >> The branch main has been updated by ler: > >> > >> URL: > >> https://cgit.FreeBSD.org/ports/commit/?id=94eda313a9d5acc5ff8d00fec7a518 > >> 62f3e346da > >> > >> commit 94eda313a9d5acc5ff8d00fec7a51862f3e346da > >> Author: Larry Rosenman > >> AuthorDate: 2024-01-31 01:15:05 +0000 > >> Commit: Larry Rosenman > >> CommitDate: 2024-01-31 01:17:13 +0000 > >> > >> mail/dovecot: add LDAP as a default option > >> > >> PR: 276741 > >> Requested by: seichan-ml@wakhok.ne.jp > > > > What's the compelling reason for this? The PR doesn't say why this > > would > > benefit everyone and doesn't explain if any negative impacts were > > non-existent or mitigated any way. IMO someone asking for a feature or > > option without an analysis of impact can possibly result in a POLA > > situation. > > > > Why and will this cause any POLA? > > POLA shouldn't be a problem except for the ldap-client lib. As to why, > I didn't > want to go through the argument with the user. I can revert it if you > want. I just need to understand the rationale. It's not apparent to me. > > I really want a way to split our packages like the dovecot folks do for > Linux, > but I don't have that understood yet. > > As I said, if the project wants me to revert it, I can. I use dovecot on my exterior gateway machine. It does not use my LDAP directory nor KRB5 realm in order to insulate those services in case this machine is compromised. If this requires my Internet facing machine to use my LDAP directory (+ KRB5 realm) this may be an issue. It may also be an issue for those in similar circumstance. I don't use LDAP on my exterior machine to reduce risk to the directory should that machine be compromised. With LDAP enabled in the software will I and those who don't use LDAP have to hook into an LDAP directory? Or does this simply add an option? -- Cheers, Cy Schubert FreeBSD UNIX: Web: https://FreeBSD.org NTP: Web: https://nwtime.org e^(i*pi)+1=0