Ubuntu is under attack

[Anders Karlsson]

On 12/21/05, Adam Fabian <awfabian at gmail.com> wrote:
> Since everybody and their dog has weighed in on this topic, I figure I
> might as well, too.
>
> Ubuntu is a leading Linux distribution, and I would very much like to
> see LSB compliance.

Dito.

> "Linux for human beings" could mean configuring things so that, by
> default, mail into the local spool isn't hidden.  Maybe something in
> the toolbar that tells you that you have a message from the system, or
> a program.  But it's just assumed that if you're on something
> resembling UNIX, port 25 is listening.

Nope. You usually get the option "Local Delivery Only" when you
install Exim on Debian (the default iirc) and that gives you
/usr/bin/sendmail but nothing listens to port 25.

IIRC and all that... And assumptions are really bad for the health..
Assuming it is safe to stand on a railtrack just because you haven't
seen a train for a few hours is rather a silly thing to do. Similarly,
assuming an MTA always and forever will be installed, just because you
would prefer it that way, will leave you disappointed from time to
time.

> Nothing wrong with simplifying and streamlining, and creating
> something that's easy-to-use, but an MTA should be listening on the
> localhost for the day when the user discovers, unfortunately, that
> some program has decided to use it as a (valid) channel of
> communication with the user.  Those programs will silently fail and
> discard potentially needed information.  You might just as well rip
> out /var/log in the name of simplicity; it'll break some programs, but
> they'll probably trundle along, a savvy enough user can mkdir
> /var/log, chown and chmod, but it's really stupid and silly to break
> an invisible convention that isn't complicating an user's life until
> they discover it anyway.  The fact is, a great many programs assume
> that an MTA and local mail delivery is available, and those programs
> are broken by default on Ubuntu.  To even be self-consistent, every
> program in the Ubuntu core should be audited to make sure that it
> doesn't try to make use of local mail delivery (the packaging system,
> which uses email, needs to be modified; cron, certainly.)  And, of
> course, forget compatibility with the rest of the Linux world, where
> programs will go on thoughtlessly assuming a local mail system is
> available.  Of course, that's a silly proposition, but if you start
> your arguments with absurd premises, you're likely to draw absurd
> conclusions.

In the default install of Ubuntu (the desktop variant) the way your
average non-expert user would go about it, the only message you would
get from cron is about a dangling symlink. To be frank, the package
that contains the dangling symlink should probably be fixed, and then
you would get nothing. Your average non-technical user will not
install his/her system in a way that he/she would want to see the
output of 'mdadm -F' or anything along those lines.

If you have the need to see such messages, you have the technical
savvy to install the MTA required to get those messages delivered.

Perhaps Ubuntu should look into commissioning a small perl script that
handles local delivery to the user set up in the install process? That
would require no configuration during the install, and if
/usr/bin/sendmail points to /etc/alternatives/sendmail which points to
the script, when a full MTA is installed, it can change the
/etc/alternatives symlink.
It neatly shuts up the people complaining about missing out on a
single useless warning about dangling symlink, it will draw very
little space and will pose no real security threat. If anyone require
anything more than local delivery only, they could, and should,
install a proper MTA and configure it properly as well.

--
Anders Karlsson <trudheim at gmail.com>