[Debian-np-devel] Testing apt repository

[Micah Anderson]

On Wed, 21 Jul 2004, Otavio Salvador wrote:

> || On Wed, 21 Jul 2004 00:41:51 -0500
> || Micah Anderson <micah@riseup.net> wrote: 
> 
> ma> To celebrate the new apt repository, I thought I'd give it a shot by
> ma> uploading a new patched version of postfix against 2.1.3-1 (latest in
> ma> testing ATM), which provides the SMTP AUTH anonymized "Received:"
> ma> header hack (and believe me, its a hack).
> 
> Why we need it? (I'm not questioning you changes only curious to know)

When you SMTP AUTH with a mail server to send out mail, the SMTP
server knows and trusts you, because you are required to have an
account on the system. When your mail goes out via this method, a
"Received:" header line is added to the full headers showing your IP
address that sent the message (dsl092-251-130.sfo4.dsl.speakeasy.net
for example), this is your home DSL line, your dynamic dial-up PPP
address, or whatever. If you used webmail from the system, or
pine/mutt via ssh, your mail would not have this additional header
added, but would instead be shown as coming from localhost. Many of
the riseup users use our SMTP server to send their email for privacy
reasons. They do not trust sending their email through their ISP. If
they send their email through us, we add to the headers additional
unnecessary information, this defeats this purpose. Some might argue
that you cannot track down abusers if you do this, but I disagree
because our logs clearly show that user "foo" SASL authenticates at
that time in order to send out the message.

I am not sure how it fits within Debian-NP mailserver exactly, but I
know that some of the tech activist groups who were at Debconf4 were
quite interested in it, but couldn't use the postfix version 1 patch
that I made because they were moving to version2.

> ma> I was able to upload it via dput, no problem, thats the good news. I
> ma> was also able to insert that line into my apt/sources.list and update
> ma> my sources from that source, and I see that package available when I
> ma> do an apt-cache show postfix-tls.
> 
> So, it worked.

Yes, quite well!

> ma> What I dont know how to do is to actually install that package when
> ma> I've already got postfix-tls installed. Apt only tells me that
> ma> postfix-tls is up-to-date. I know you are supposed to be able to pass
> ma> the -t option to apt, but I can't figure out what you would pass to
> ma> get that. Anyone know? 
> 
> It depends which distribution your package is target. To health of
> users, experimental distribution doesn't have auto-installation
> enabled and you need use -t to use it.

I am targetting the testing distribution, but it was put into unstable
in the remote queue, I dont know if this needs to be changed. Since it
was not in experimental, I was surprised that apt did not see the
newer version and attempt to install it. I added an additional minor
revision number, and a unique identifying tag to the package name, so
it was obvious what it was and that it was newer.

> ma> Additionally, its somewhat annoying (for me), that the postfix package
> ma> was merged together, so creating this patch builds every single other
> ma> postfix element (postfix-mysql, etc.) and makes it available as well
> ma> (and is uploaded to the alioth repository). If anyone knows how to
> ma> deal with that, I'm all ears.
> 
> You can't change it.
> 
> Since you changed the source package and built it, it created all
> binary packages of it.

Yes, the postfix1 source package seemed to have separate postfix-tls,
which made it so it was not necessary to build all the binary
packages. I am not sure how to deal with this, because people who want
to use this, only want to install the postfix-tls package, and not all
the others (although they are not modified in anyway).

> One issue you can see is if this cannot be merged back to main
> package. Did you provide the patch in BTS to maintainer give his
> opinion about it?

Yes, this I am considering the best way to do. I am quite sure that it
will not be incorporated, as it is a bad hack, it provides
functionality that only a very specific group of people want (and is
not user configurable).

micah