Bug#293207: bogofilter: Any fix found?

Matthias Andree matthias.andree at gmx.de
Thu Mar 10 12:38:37 CET 2005 

Karl Schmidt <karl at xtronics.com> writes:

> Matthias Andree wrote:
>
>> Welcome to the wonders and mysteries of giving away write
>> access. set-gid bits on directories can help a bit, as is already
>> mentioned in the looong message trail in <http://bugs.debian.org/293207>
>>
> If a set-gid bit is all that is needed why not just have the install create the 
> default db directory  (/var/spool/bogofilter) with the correct
> permissions?

Operator duty. Bogofilter does not install anything into /var.

If your package does, may I kindly request that the packager splits such
off into a separate bogofilter-exampleconf package?

I don't want to face YASM, Yet Another Support Nightmare®, because the
different "bogofilter" packages diverge on what they install in
distribution-specific integration frameworks, the bogofilter maintainers
cannot possibly track all these diverse variants and versions.

We are already seeing a lot of support requests for Debian that have not
been forwarded by the maintainer but by individual users. So far, it
appears the Debian package was sufficiently close to our original
installation, but what you're asking goes way beyond.

> (That is much to simple - must be something wrong with the idea? Security? You 
> could have debconf ask about it?)

It's not trivial, because a umask too tight will cause the same
corruption, the umask it must be <= 07 for group-based access to
work. Subversion repositories regularly get corrupted because some user
with a umask of 022 (sane default for most purposes) is too tight for
group-shared access; a simple wrapper script might look like this:

#! /bin/sh
set -e
trap "exit 3" EXIT
umask 02
exec /usr/local/bin/bogofilter.bin "$@"

This is basic system administration, and can be expected from people who
install bogofilter site-wide for shared databases.

Remember that personal databases work better unless the interests of
users and hence what mail they want to see and get is VERY homogenous.

> If creating a bogofilter user is too complicated, setting up sudo is
> worse.

Perhaps, that's why I posted the example.

It is however *not* bogofilter's task to accumulate the functionality of
a dozen unrelated standalone tools.

This is Unix, where the philosophy is to combine existing tools for
maximum effect. bogofilter and sudo are such tools that you can combine.

> There has to be a clean way to resolve this. There are many ways to ask a 
> question or two in debconf to put this to rest.

If that's your goal, then this is best taken up with the maintainer of
your package, but kindly see to the request of making such frameworks
available in a separate package that is clearly marked as unsupported by
the bogofilter maintainers and bears the address of the packager who
created this.

> clean solution is worked out. There has to be a way to make it so your 
> grandmother can install it to work with her MUA and Joe sysop can still do his 
> thing without stepping on anyones toe.

For the grandma, the best way is to integrate it with her mail user
agent. Some do that, for others we have instructions in the FAQ.

At any rate, this goes beyond bogofilter's mission.

-- 
Matthias Andree
_______________________________________________
Bogofilter mailing list
Bogofilter at bogofilter.org
http://www.bogofilter.org/mailman/listinfo/bogofilter

More information about the Bogofilter mailing list