From nobody Wed Jan 31 05:56:26 2024
List-Id: Commits to the main branch of the FreeBSD ports repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main
Date: Tue, 30 Jan 2024 23:56:26 -0600
From: Larry Rosenman
To: Cy Schubert
Cc: ports-committers@freebsd.org, dev-commits-ports-all@freebsd.org, dev-commits-ports-main@freebsd.org
Subject: Re: git: 94eda313a9d5 - main - mail/dovecot: add LDAP as a default option
In-Reply-To: <20240131055438.BBDFC307@slippy.cwsent.com>
References: <202401310117.40V1HFmD014823@gitrepo.freebsd.org> <20240131050508.5BF6F240@slippy.cwsent.com> <20240131055438.BBDFC307@slippy.cwsent.com>
Message-ID: <6bf993503f708ff198907655c80b9b91@FreeBSD.org>
Content-Type: text/plain; charset=US-ASCII;
 format=flowed
Content-Transfer-Encoding: 7bit

On 01/30/2024 11:54 pm, Cy Schubert wrote:
> In message , Larry Rosenman writes:
>> On 01/30/2024 11:05 pm, Cy Schubert wrote:
>> > In message <202401310117.40V1HFmD014823@gitrepo.freebsd.org>, Larry
>> > Rosenman writes:
>> >> The branch main has been updated by ler:
>> >>
>> >> URL:
>> >> https://cgit.FreeBSD.org/ports/commit/?id=94eda313a9d5acc5ff8d00fec7a51862f3e346da
>> >>
>> >> commit 94eda313a9d5acc5ff8d00fec7a51862f3e346da
>> >> Author: Larry Rosenman
>> >> AuthorDate: 2024-01-31 01:15:05 +0000
>> >> Commit: Larry Rosenman
>> >> CommitDate: 2024-01-31 01:17:13 +0000
>> >>
>> >> mail/dovecot: add LDAP as a default option
>> >>
>> >> PR: 276741
>> >> Requested by: seichan-ml@wakhok.ne.jp
>> >
>> > What's the compelling reason for this? The PR doesn't say why this
>> > would benefit everyone and doesn't explain if any negative impacts
>> > were non-existent or mitigated any way. IMO someone asking for a
>> > feature or option without an analysis of impact can possibly result
>> > in a POLA situation.
>> >
>> > Why and will this cause any POLA?
>>
>> POLA shouldn't be a problem except for the ldap-client lib. As to why,
>> I didn't want to go through the argument with the user. I can revert
>> it if you want.
>
> I just need to understand the rationale. It's not apparent to me.
>
>>
>> I really want a way to split our packages like the dovecot folks do
>> for Linux, but I don't have that understood yet.
>>
>> As I said, if the project wants me to revert it, I can.
>
> I use dovecot on my exterior gateway machine. It does not use my LDAP
> directory nor KRB5 realm in order to insulate those services in case
> this machine is compromised. If this requires my Internet facing
> machine to use my LDAP directory (+ KRB5 realm) this may be an issue.
> It may also be an issue for those in similar circumstance.
>
> I don't use LDAP on my exterior machine to reduce risk to the directory
> should that machine be compromised.
>
> With LDAP enabled in the software will I and those who don't use LDAP
> have to hook into an LDAP directory? Or does this simply add an option?

Simply adds an option. If you don't put anything in the config
mentioning LDAP, it sits dormant, except for the load of the client
libraries. It does not open a path to anywhere.

--
Larry Rosenman                     http://people.freebsd.org/~ler
Phone: +1 214-642-9640             E-Mail: ler@FreeBSD.org
US Mail: 5708 Sabbia Dr, Round Rock, TX 78665-2106