[Mageia-dev] [RFC] msec (nail) can't send reports to local users accounts - require an MTA?
blind Pete
0123peter at gmail.com
Fri Sep 23 04:16:26 CEST 2011
on Fri, 23 Sep 2011 05:37
in the Usenet newsgroup gmane.linux.mageia.devel
Florian Hubold wrote:
> Am 22.09.2011 00:09, schrieb Luc Menut:
>> Le 21/09/2011 20:35, Florian Hubold a écrit :
>>> Hello,
>>>
>>> during validation of validation of msec/sectool update candidates,
>>> a problem showed up: https://bugs.mageia.org/show_bug.cgi?id=1621
>> ...
>>>
>>> But if we want security reports to be sent to local users if they
>>> specify so, how to proceed further?
>>>
>>
>> msec can work very well without sending these reports by email; all the
>> security's reports are available in /var/log/security, and msec notifies the
>> user about this at each time it runs, so sendmail is absolutely not mandatory.
>> So I think that msec shouldn't have a Requires on sendmail-command,
>> eventually it can be a Suggest.
>>
>> But perhaps we could/should change the configuration of msec to not send
>> email by default, by adding MAIL_WARN=no in /etc/security/msec/security.conf.
>>
>>
> So, to summarize, there happen to be multiple solutions here:
>
>
> 1. do NOT require an MTA, let users manually read reports from /var/log/security
> maybe even remove nail from msec Requires as it is currently non-functional.
> Also Luc's proposal cited above could be realized.
1a. Popup box (this sort of happens in KDE) or a "write" message to
the tty that says, "go read the logs".
> 2. do require sendmail-command, which will pose a problem to users
> installing from the CLI, because they are presented with a choice:
>
> One of the following packages is required:
> 1 dma
> 2 ssmtp
> 3 postfix
> 4 sendmail
> 5 msmtp
> Please make a selection:
>
> Additionally this will force an MTA onto every default installation and every
> installation that currently has msec installed.
>
> 3. do require dma, which is a rather minimal MTA, and delivers without
> configuration
> Please see https://bugs.mageia.org/show_bug.cgi?id=2255#c36 for details.
> This would also allow coexistence with an already-installed MTA, IIUC.
>
> 4. Try to fix nail, which is required by msec and so in every default installation,
> so that it is able to deliver mail by itself, without sendmail.
Impossible question but would that involve much work?
> Please give your votes.
Anything that works is acceptable.
If you want to get fancy, offer a choice that includes
"none (will lose functionality)". Default to whatever
MTA has already been selected, or dma if no previous
selection has been made.
More information about the Mageia-dev
mailing list