jidanni | 2 May 18:57 2008

[Bug 703] New: other ways to exit

------- You are receiving this mail because: -------
You are on the CC list for the bug.

http://bugs.exim.org/show_bug.cgi?id=703
           Summary: other ways to exit
           Product: Exim
           Version: 4.69
          Platform: Other
        OS/Version: Linux
            Status: NEW
          Severity: bug
          Priority: low
         Component: Eximon
        AssignedTo: nigel <at> exim.org
        ReportedBy: jidanni <at> jidanni.org
                CC: exim-dev <at> exim.org

Gee it's hard to exit eximon.
You must click "quit". If you hit X in the top right corner of ALT F4
you get a weird message from X windows about killing a client, and if
you proceed you get
X connection to :0.0 broken (explicit kill or server shutdown).

Also there in no q or ^q etc. to quit. If your mouse breaks there is
no clean way to exit.

-- 
Configure bugmail: http://bugs.exim.org/userprefs.cgi?tab=email

--

-- 
(Continue reading)

Marc Haber | 4 May 09:31 2008
Picon

Re: Bug#475194: D-H parameter generation is All Wrong

Dear anonymous crypto-expert,

On Sun, Apr 13, 2008 at 01:58:46PM +0200, Tom Kistner wrote:
> > It's also not very important that the D-H parameters be changed often;
> 
> So there still is some value in changing them?
> 
> > while changing them N times makes it N times as much work for an attacker
> > that wants to read ALL of your mail, it's better to just use a larger
> > prime and make it N times harder for an attacker to read ANY of your
> > mail.
> 
> What about doing both? :)

It would help if you'd answer the question that Tom has asked three
weeks ago since you seem to have knowledge that only a few people on
this list have.

> > In fact, many cryptographic standards just specify a menu of fixed
> > D-H parameters for all implmentations for all time (e.g. RFC3526).
> > Generating a set once at install time is also reasonable.  Changing it
> > daily is silly.
> 
> 39.3 does not say "daily", it says "the frequency depending on your 
> paranoia level". Now how paranoid should Debian be? I have no idea, and 
> with my limited crypto skills, I can't give them a recommendation. Stock 
> Exim does exacly what you want, compute D-H params exactly once.

And Debian has changed the DH parameter size to 2048 bits (hoping that
the patch I applied to tls-gnu.c #defining DH_BITS to 2048 and
(Continue reading)

Ruud Koolen | 8 May 22:25 2008
Picon

[Bug 706] New: Dropping privileges because of deliver_drop_privilege isn' t debug logged

------- You are receiving this mail because: -------
You are on the CC list for the bug.

http://bugs.exim.org/show_bug.cgi?id=706
           Summary: Dropping privileges because of deliver_drop_privilege
                    isn't debug logged
           Product: Exim
           Version: 4.63
          Platform: x86
        OS/Version: Linux
            Status: NEW
          Severity: bug
          Priority: medium
         Component: Delivery in general
        AssignedTo: nigel <at> exim.org
        ReportedBy: redlizard <at> redlizard.nl
                CC: exim-dev <at> exim.org

When dropping privileges because deliver_drop_privilege=true, exim does not
announce this action in the debug log. Because of this, the log indicates that
exim is still running as root, while it in fact is not.

-- 
Configure bugmail: http://bugs.exim.org/userprefs.cgi?tab=email

--

-- 
## List details at http://lists.exim.org/mailman/listinfo/exim-dev Exim details at
http://www.exim.org/ ##

(Continue reading)

Tony Finch | 9 May 14:58 2008

[Bug 706] Dropping privileges because of deliver_drop_privilege isn' t debug logged

------- You are receiving this mail because: -------
You are on the CC list for the bug.

http://bugs.exim.org/show_bug.cgi?id=706

Tony Finch <fanf <at> exim.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |fanf <at> exim.org
             Status|NEW                         |ASSIGNED

--- Comment #1 from Tony Finch <fanf <at> exim.org>  2008-05-09 13:58:15 ---
Could you please provide a copy of the complete debugging output that
illustrates the problem.

-- 
Configure bugmail: http://bugs.exim.org/userprefs.cgi?tab=email

--

-- 
## List details at http://lists.exim.org/mailman/listinfo/exim-dev Exim details at
http://www.exim.org/ ##

Nigel Metheringham | 13 May 18:05 2008
Picon

Development blockage...

I think we have hit a stage where effectively no work is being done on  
exim - the bugzilla queue is increasing, but very few of them are  
being touched at all.

If this remains like this it might be as well to admit the current  
state of things and arrange the funeral.

	Nigel.

--
[ Nigel Metheringham             Nigel.Metheringham <at> InTechnology.com ]
[ - Comments in this message are my own and not ITO opinion/policy - ]

--

-- 
## List details at http://lists.exim.org/mailman/listinfo/exim-dev Exim details at
http://www.exim.org/ ##

Graeme Fowler | 13 May 18:29 2008
Picon

Re: Development blockage...

On Tue, 2008-05-13 at 17:05 +0100, Nigel Metheringham wrote:
> I think we have hit a stage where effectively no work is being done on  
> exim - the bugzilla queue is increasing, but very few of them are  
> being touched at all.

A sorry state indeed...

> If this remains like this it might be as well to admit the current  
> state of things and arrange the funeral.

I think it would be better for everyone to look more positively toward
the future instead. How about we - that is, people with some form of
vested interest in the past, present and future of Exim - form a formal
development group and have regular (or irregular, but scheduled!) bug
zapping fests aswell as development sessions?

Several other projects I participate in have IRC/IM/SIP sessions to do
this, and one or two have physical get-togethers to do the same thing.

Full disclosure: I can't code for all the money in a bank vault. But I
can compile, build, configure and test!

Graeme

--

-- 
## List details at http://lists.exim.org/mailman/listinfo/exim-dev Exim details at
http://www.exim.org/ ##

B. Johannessen | 13 May 19:15 2008

Re: Development blockage...

Nigel Metheringham wrote:
> I think we have hit a stage where effectively no work is being done on  
> exim - the bugzilla queue is increasing, but very few of them are  
> being touched at all.

I have a feeling Philip left behind a sort of leadership vacuum. At 
least that what it feels like to me as an outsider. It's not apparent to 
me who's "in charge" any more, which makes it more difficult to 
contribute. Two suggestions that shouldn't be to much trouble is;

Suggestion 1: Set up public (read only) CVS/SVN to make it easier to 
track ongoing development (not that there's much of that going on right 
now).

Suggestion 2: Publish a list of people with commit access, along with 
what areas of Exim the commiters feel comfortable with.

I haven't really been paying such close attention lately, but It's my 
understanding that most new entries in Bugzilla are feature requests. A 
fair chunk of the rest are user errors, not bugs in Exim. I think if the 
community could organise some short of "triage" team to verify and 
prioritise bugs, it shouldn't be to difficult to find people willing to 
work on them. Personally I'd be terrible at such a job, but enough of my 
salary if brought in from Exim related activities for me to justify 
spending time on *fixing* verified bugs. So;

Suggestion 3: Organise triage team tasked with maintaining a prioritised 
list of verified bugs.

That leaves the "wish-list" bugs. To be honest I don't really care to 
(Continue reading)

Tony Finch | 13 May 20:55 2008
Picon

Re: Development blockage...

On Tue, 13 May 2008, Nigel Metheringham wrote:

> I think we have hit a stage where effectively no work is being done on
> exim - the bugzilla queue is increasing, but very few of them are
> being touched at all.

I'm trying to keep on top of the low-hanging fruit at least. I have a
ratelimit patch that's nearly ready to be committed (needs some test
cases) and I'm planning to add built-in greylisting this summer.

Tony.
-- 
f.anthony.n.finch  <dot <at> dotat.at>  http://dotat.at/
SOLE: EASTERLY 4 OR 5, OCCASIONALLY 6 IN EAST. MODERATE. SHOWERS. MODERATE OR
GOOD, OCCASIONALLY POOR.

--

-- 
## List details at http://lists.exim.org/mailman/listinfo/exim-dev Exim details at
http://www.exim.org/ ##

Jaco van der Schyff | 14 May 08:29 2008
Picon

Re: Development blockage...

On Tue, May 13, 2008 at 07:15:06PM +0200, B. Johannessen wrote:
> Suggestion 3: Organise triage team tasked with maintaining a prioritised 
> list of verified bugs.
> 
> That leaves the "wish-list" bugs. To be honest I don't really care to 
> much about those. Exim is already an extremely useful tool to a great 
> number of people, and I'm sad to say that the attitude of people making 
> requests over the past few years has gone from bad to worse. Maybe it'd 
> be possible to organise some sort of reverse auction / fund raiser for 
> requesters to pledge funding for developing the requested features. If 
> not, I'd be happy to "scratch my own itches" and contribute code that 
> solves *my* issues. I have a feeling that's how most of Exim came about 
> anyway...

There is Google's summer of code aswell.  If a (mentoring) organisation
could be set-up, the fund raising issue could be rationalized by Google
paying the respective bounties ?

- Jaco van der Schyff

--

-- 
## List details at http://lists.exim.org/mailman/listinfo/exim-dev Exim details at
http://www.exim.org/ ##

Andrew Buckeridge | 14 May 02:47 2008

[Bug 621] hostnames with trailing blanks should be handled differently

------- You are receiving this mail because: -------
You are on the CC list for the bug.

http://bugs.exim.org/show_bug.cgi?id=621

Andrew Buckeridge <andrewb <at> bgcaus.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |andrewb <at> bgcaus.com

--- Comment #2 from Andrew Buckeridge <andrewb <at> bgcaus.com>  2008-05-14 01:47:29 ---
The http://cr.yp.to/proto/maildir.html spec says
"To deal with invalid host names, replace / with \057 and : with \072",
however it does not mention replacing a space with \040.
Only / and : would break the maildir itself, but it would still be good to
make it nice for shells and imapds.

-- 
Configure bugmail: http://bugs.exim.org/userprefs.cgi?tab=email

--

-- 
## List details at http://lists.exim.org/mailman/listinfo/exim-dev Exim details at
http://www.exim.org/ ##


Gmane