# Proofpoint



## hruodr (Jun 3, 2022)

It is terrible that this company bought sendmail:









Why is an Israeli intelligence-linked company filtering US journalists' emails? (electronicintifada.net)

Proofpoint cybersecurity firm has acquired three companies connected to the Israeli military.


----------



## getopt (Jun 3, 2022)

hruodr said:


> is terrible that


It could have been worse if they bought something more relevant.

In /etc/rc.conf you can self-defend by:

```
# Disable Sendmail by default
sendmail_cert_create="NO"
sendmail_enable="NONE"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"
```
Or "live in a buildworld" by setting in /etc/src.conf

```
WITHOUT_SENDMAIL=yes
```
which is a boycott that works.

The important hint is:


			
https://electronicintifada.net/content/why-israeli-intelligence-linked-company-filtering-us-journalists-emails/35581 said:
			
		

> Email filtering ...  also involves giving a third party access to your data. According to Daniel Kahn Gillmor, a technologist at the American Civil Liberties Union: “When you engage a security company to do filtering on your data, you are giving that security company access to your data … employing a security company means trusting that company to not leak information they have about your internal communication.”



Which boils down to this imperative:

Always live in a way that you do not need to give anyone access to your internal communication and data.


----------



## hruodr (Jun 3, 2022)

getopt said:


> It could have been worse if they bought something more relevant.


sendmail is relevant, extensively deployed, was long the standard MTA in *BSD.

 I hope there is enough auditing, and perhaps it is once again *BSD licensed.
The question of alternatives is a big discussion.

The free "successor" evolves too slowly; here is a comparison:

MeTA1
		


but exim, courier are not mentioned. qmail, that sounds interesting, is unfortunately not maintained.


----------



## hardworkingnewbie (Jun 3, 2022)

hruodr said:


> It is terrible that this company bought sendmail:
> 
> 
> 
> ...


Really - who cares and what's the problem with it? Sendmail does what you tell it to do; if it does strange things then it is your fault. It will not change just because there's this company behind it. Sendmail does its job for you and works well? So, no reason to abandon it.

Want a BSD licensed MTA? Take OpenSMTPD. Want something which has been around longer? Take Postfix. Or Exim, Haraka, Netqmail whatever, I don't care. There's enough choice available.


----------



## VladiBG (Jun 3, 2022)

It's from 2013





Proofpoint, Inc. Acquires Sendmail, Inc. | Proofpoint US | Ghostarchive (ghostarchive.org)


----------



## getopt (Jun 3, 2022)

hardworkingnewbie said:


> Sendmail does what you tell it to do; if it does strange things then it is your fault. It will not change just because there's this company behind it.


Yes, configuring Sendmail properly is the responsibility of an admin.
If a software does strange things may not always be admins' responsibility. There are bugs, backdoors, vulnerabilities, zero-days etc. which all is beyond admins' responsibility.

Choosing a software maintained by the intelligence-military industrial complex may be seen as taking a risk.



VladiBG said:


> It's from 2013


Yeah! 2013 is the year Edmund Snowden provided relevant information on IT-security and beyond. Those who wanted to learn from his revealings got some lessons about trusting. Where trusting means believing (=not knowing/hoping/taking a risk) that you won't be fu**ed.

So just avoid/boycott products that can potentially bite you. It's just that simple if there were not a big BUT:

Regarding communications there is more than just a sender or a single receiver. Safe and secure communication is also about transport, man-in-the-middle and "service providers".

Just looking on one's own installation is just not enough.

It's from 2013 means: It's not outdated. It is still relevant. And thank you for remembering us.


----------



## hardworkingnewbie (Jun 3, 2022)

getopt said:


> Yes, configuring Sendmail properly is the responsibility of an admin.
> If a software does strange things may not always be admins' responsibility. There are bugs, backdoors, vulnerabilities, zero-days etc. which all is beyond admins' responsibility.
> 
> Choosing a software maintained by the intelligence-military industrial complex may be seen as taking a ri


You are partially wrong: it is entirely the admins' responsibility if exploits and vulnerabilities do become public knowledge to secure his own installation.

Aside that: tell me more about these "risks" and what and where they are considering the fact that Sendmail is *open source*, so that you could review it for funny things and you can always create your own binary based on that using ports.

I don't see many valid "risks" here at all, if so. At the end of the day it's about trust, and whom do you trust. If you're entirely paranoid, you could also come up with the idea that binary based OSes like FreeBSD come with a little "something something" to gather data for $WHATEVERIA.


----------



## hruodr (Jun 3, 2022)

hardworkingnewbie said:


> I don't see many valid "risks" here at all, if so. At the end of the day it's about trust, and whom do you trust.


*You* don't see many valid "risks" *here* at all. At the end of the day it's about trust, and whom do *you* trust.
You are speaking about *you*, and ignoring the experience of millions of people.


----------



## getopt (Jun 3, 2022)

hardworkingnewbie said:


> considering the fact that <XXX> is *open source, *so that you could review it


any "hard working newbie" just cannot do this: review millions of lines of source code from all software installed. Even if the required knowledge were available on the personal level by a hard working professional, that individual would not even have the time for doing anything else. Remember the 100+ bugs/vulnerabilities i.e. in Xorg that just resided in the code for more than a decade?

The possibility of reading OSS is not an argument that is valid in admin's life experience. Except for some few bug bounty hunters there is no systematic review done for multiple reasons. One of them is even the lack of understanding code. And some just sell discovered vulnerabilities as zero-days to various actors providing special services.


----------



## VladiBG (Jun 3, 2022)

You don't need millions of people which use a software and have zero knowledge of  understanding the  actual source code. What you need is group of code review developers with deep understanding of that particular program which can approve the code changes otherwise you will risk to have open source software which you trust only because it's used by millions of people assuming that some of those millions of people actually does the code review and spot some bug or malicious code which will be too late as it will be already committed.

Sendmail is still open source which provide you the option to inspect the actual code and it's entirely up to you if you want to use this software or not. You can't blame the company which still support development of this software without having any actual proof and speak against it just because it bought that software.

Read paragraph 6 from the license: https://ftp.sendmail.org/LICENSE


----------



## hruodr (Jun 3, 2022)

VladiBG said:


> You can't blame the company which still support development of this software without having any actual proof and speak against it just because it bought that software.


Blame of what? I only said: "it is terrible that this company bought sendmail".


----------



## VladiBG (Jun 3, 2022)

It will be terrible if they don't provide the source code and make it entirely closed source and start asking money for it. Now they provide additional software and also support the development of sendmail so I don't see anything wrong with this.


----------



## Alain De Vos (Jun 3, 2022)

Using dovecot & opensmtpd , so it does not influence me.


----------



## hruodr (Jun 3, 2022)

VladiBG said:


> It will be terrible if they don't provide the source code and make it entirely closed source and start asking money for it. Now they provide additional software and also support the development of sendmail so I don't see anything wrong with this.


That would have been worse. The reason that your arguments are limited was given by getopt.



getopt said:


> Choosing a software maintained by the intelligence-military industrial complex may be seen as taking a risk.


And I said: "it is terrible that this company bought sendmail". sendmail was property of sendmail inc and it
was sold. I, and sure not only I, would have preferred that other company would have bought it and 
maintains it. That is all.


----------



## hruodr (Jun 3, 2022)

Alain De Vos said:


> Using dovecot & opensmtpd , so it does not influence me.



It is a much simpler program than sendmail, and in spite of it:



> On 28 January 2020, a vulnerability in OpenSMTPD was disclosed that could be remotely exploited to run arbitrary shell commands as root. OpenSMTPD 6.6.2 was released to fix the vulnerability



See: OpenSMTPD - Wikipedia (en.wikipedia.org)


----------



## obsigna (Jun 3, 2022)

Proofpoint and Spamhaus are playing in the same league.

Those who like/use Spamhaus don't have many reasons to blame Proofpoint for anything. Or vice/versa, your objections against Spamhaus should be the same as it are against Proofpoint.

In 2015 I wrote an article tangling this on both:





Why not use Spamhaus? Why not use Proofpoint or any other DNSBL? (obsigna.com)


----------



## Lamia (Jun 3, 2022)

Sendmail has been replaced with ssmtp long ago.

Yes, we always do.


----------



## PMc (Jun 5, 2022)

hardworkingnewbie said:


> Really - who cares


I do. Sendmail is one of the core pieces of our Berkeley heritage. It's tradition. I don't know what got into someone's mind to sell it to the pointless proof.


----------



## Alain De Vos (Jun 5, 2022)

Just a thought experiment. Let's say "/bin/sh" is sold to Microsoft. I don't care because the shell of my root account is "zsh".
What is important is that FreeBSD is safe. As is beasty as done by Kirk.


----------



## hruodr (Jun 5, 2022)

Alain De Vos said:


> Let's say "/bin/sh" is sold to Microsoft. I don't care because the shell of my root account is "zsh".


The problem is in my opinion that programs like sh and in part sendmail are parts of BSD.
I (and I think others) use *BSD because I am used to the programs in it, used to this OS
as traditionally it is. The reason in my case is definitively not that it is safe.


----------



## hruodr (Jun 5, 2022)

PMc said:


> I don't know what got into someone's mind to sell it to the pointless proof.


Well, it was developed by Eric Allman for BSD, it was later maintained by his company, and he sold the company.


----------



## getopt (Jun 5, 2022)

PMc said:


> It's tradition.


OMG, how retrorse. Don't build your identity on such as you might get lost.
If wanting to "care" better clean up src.


----------



## stratact (Jun 5, 2022)

Alain De Vos said:


> Let's say "/bin/sh" is sold to Microsoft.


Perhaps someone did. They turned it into Powershell.


----------



## Jose (Jun 5, 2022)

I'll sell `/bin/sh` to whomever wants to pay for it. How much are they paying, again?


----------



## getopt (Jun 5, 2022)

stratact said:


> They turned it into Powershell.


Now it's time to talk about license.


----------



## hruodr (Jun 5, 2022)

getopt said:


> OMG, how retrorse. Don't build your identity on such as you might get lost.


No, identity not the issue, just custom. In principle it is no problem to use alternatives, to use other OS, but it is nice to have an OS at hand and not to continuously waste time learning other OS/Programs.


----------



## hruodr (Jun 5, 2022)

getopt said:


> Now it's time to talk about license.


Unfortunately sendmail has not anymore BSD license, but we fall again in the problem of alternatives.


----------



## getopt (Jun 5, 2022)

hruodr said:


> Unfortunately sendmail has not anymore BSD license, but we fall again in the problem of alternatives.


If sendmail has no BSD license anymore why is it still used in base contributions?

Alternatives? What kind of problem?


----------



## hruodr (Jun 5, 2022)

getopt said:


> Alternatives? What kind of problem?


Can you name a maintained MTA with BSD license, capable to relay a big number of Emails?

There is the tendency to put in the base systems programs like OpenSMTP or dma (dragonfly mail agent), but they are not substitutes for sendmail.

What kind of problem? Again, just used that the base system has such MTA and that it is not a specialised program that must be installed.


----------



## PMc (Jun 5, 2022)

hruodr said:


> No, identity not the issue, just custom. In principle it is no problem to use alternatives, to use other OS, but it is nice to have an OS at hand and not to continuously waste time learning other OS/Programs.


It's not only that. It's about roots. Reading in /usr/share/sendmail/cf/README like this gives me a smile:


> One normally masquerades as one of one's own subdomains (for example, it's unlikely that Berkeley would choose to masquerade as an MIT site)


From there you understand a piece of the motivation why the thing was developed - and why it was developed the way it is. And you will need such knowledge when something doesn't work as desired, to figure out and understand the root cause.

This has indeed to do with identity. Because there always is an identity; everything has an identity, even if you deny it. But understanding and appreciating that identity, You're usually better off considering the whole. Because when you do away with it, you do not know where you are. And when you do not know who you are, you cannot figure out the location of anything else. Then you will just take the manual, enter the commands as are written there, and wonder why it doesn't work as expected...

Sure, we can use or learn or do everything, and nowadays we're told this is only a matter of the necessary time&effort, which can be counted and measured. Like if we were machines, who only take a measurable amount of compute to do anything desired. But, are we? Are we indeed just machines, here to fulfil the desire of - yeah, of whom?


----------



## getopt (Jun 5, 2022)

PMc said:


> This has indeed to do with identity. Because there always is an identity; everything has an identity, even if you deny it.


Ha! I knew that I'll get you with that. Using tradition wording is so revealing.


----------



## Jose (Jun 5, 2022)

hruodr said:


> Can you name a maintained MTA with BSD license, capable to relay a big number of Emails?


Why does every FreeBSD host need to relay a big number of emails? Most of mine don't.



hruodr said:


> There is the tendency to put in the base systems programs like OpenSMTP or dma (dragonfly mail agent), but they are not substitutes for sendmail.


DMA is not designed to be a full-featured MTA, sure, but what's the problem with OpenSMTPD?


----------



## PMc (Jun 5, 2022)

getopt said:


> Ha! I knew that I'll get you with that. Using tradition wording is so revealing.


Yeah, but what's Your point in it? 

See, I'm an old man now, and I start to look back onto my life. At times when we wanted to install emacs and sent an email in the morning, and at evening we got back hundred emails with slices of the source package. At these times I looked up at guys like Eric Allman, and I adored them. So this is part of my identity. What to do with it? Put it in a museum and forget about it?


----------



## hruodr (Jun 5, 2022)

Jose said:


> Why does every FreeBSD host need to relay a big number of emails? Most of mine don't.


Not every FreeBSD host need to do that, but (Free)BSD offers some software as part of it and such MTA
is part of it. It is not like Linux that is only the kernel and all the rest is a question of personal choice.

OpenSMTP is also not a replacement for sendmail, it is more like dma.


----------



## getopt (Jun 5, 2022)

PMc said:


> Are we indeed just machines, here to fulfil*l* the desire of - yeah, of whom?


The use of "we" gets just a little too profane nowadays. We the people ... etc.
I get more and more repelled on what "we" may be.


PMc said:


> Put it in a museum and forget about it?


On a personal stage I'd suggest to backup on a backup medium that survives. Then get someone to put a copy in there:








Barbarastollen – Wikipedia (de.wikipedia.org)
				




And yes, the sentimentality of men getting aged even hits me occasionally. But what bothers me most is the stupidity of the species I belong to, which implies a "we" I cannot deny. *)

This species is now at the stage having to prove "being human" by solving captchas. When it comes to this, it is a privilege being blind.

*) but some can as this joke (relevant to identity) suggests:
 If a horse is neighing like a horse, and is galloping like a horse but is saying nowadays "I'm not a horse!", then you met a Russian horse.


----------



## Jose (Jun 5, 2022)

hruodr said:


> Not every FreeBSD host need to do that, but (Free)BSD offers some software as part of it and such MTA
> is part of it. It is not like Linux that is only the kernel and all the rest is a question of personal choice.


Why does base need a full-featured MTA?



hruodr said:


> OpenSMTP is also not a replacement for sendmail, it is more like dma.


This is not what the project claims


> Be fast and efficient. OpenSMTPD must be able to handle large queues with reasonable performance.








OpenSMTPD: Goals (www.opensmtpd.org)
				




Got a source for your claim that "it is more like dma?"


----------



## PMc (Jun 5, 2022)

Jose said:


> Why does base need a full-featured MTA?



Indeed I am wondering about that. There was the removal of named/BIND, only to then add unbound for local usage. So since the default configuration apparently uses sendmail only for local delivery, there is not really a need for sendmail to do that.


----------



## PMc (Jun 5, 2022)

getopt said:


> The use of "we" gets just a little too profane nowadays. We the people ... etc.
> I get more and more repelled on what "we" may be.


*shrug* There is such a thing called human beings...



getopt said:


> On a personal stage I'd suggest to backup on a backup medium that survives. Then get someone to put a copy in there:
> 
> 
> 
> ...


Certainly. If people are no longer able to sustain, then at least the national value should be preserved.



getopt said:


> And yes, the sentimentality of men getting aged even hits me occasionally. But what bothers me most is the stupidity of the species I belong to, which implies a "we" I cannot deny. *)
> 
> This species is now at the stage having to prove "being human" by solving captchas. When it comes to this, it is a privilege being blind.


So You seem to get the point. Or some of it.



getopt said:


> *) but some can as this joke (relevant to identity) suggests:
> If a horse is neighing like a horse, and is galloping like a horse but is saying nowadays "I'm not a horse!", then you met a Russian horse.


I entirely fail to get any sense out of that.


----------



## hardworkingnewbie (Jun 5, 2022)

hruodr said:


> Can you name a maintained MTA with BSD license, capable to relay a big number of Emails?
> 
> There is the tendency to put in the base systems programs like OpenSMTP or dma (dragonfly mail agent), but they are not substitutes for sendmail.
> 
> What kind of problem? Again, just used that the base system has such MTA and that it is not a specialised program that must be installed.


Now that's really a nonsense criterium. 99.9% of the people don't have to relay a big number of emails (let's say >= 1 million/day); and these who do are doing it probably as their business and therefore don't worry about the software license too much. 

And these who do care about this speed either are going to use Postfix, or if Postfix is too slow will switch over to Haraka.


----------



## drhowarddrfine (Jun 5, 2022)

Jose said:


> Why does base need a full-featured MTA?


Because FreeBSD is a full-featured operating system, though "full-featured" may be a key adjective for sendmail and whether that much is needed.


----------



## Jose (Jun 5, 2022)

drhowarddrfine said:


> Because FreeBSD is a full-featured operating system...


Why doesn't that full-featuredness include a graphical desktop environment, an authoritative DNS server, or a Git client?


----------



## getopt (Jun 5, 2022)

drhowarddrfine said:


> Because FreeBSD is a full-featured operating system


Is it? Or is that marketing-speak?

I'd like to point to  /usr/src/contrib where you find all "contributions" to what we call "base".

There is a lot in there but when is "full" fully featured? OpenBSD i.e. makes other selections.

As all these base contributions are more (OpenSSL) or less (tzdata) affected by security events. Because of that I happily "build my world" WITHOUT (see src.conf(5)) where possible. And I do prefer ports available instead, for some even alternative ports as this method opens a choice.

My point is, that those contributions are a selection. And selections imply that something is chosen while other is not. These decisions are rarely communicated transparently. I.e. the Mozilla Foundation gets revenues for providing Google a preferred place among the search engines. So sometimes there are reasons that are not technically or for compatibility reasons only.


----------



## hruodr (Jun 5, 2022)

PMc said:


> There was the removal of named/BIND, only to then add unbound for local usage


I am against the removal, or at least for a substitution with a full featured DNS server.



Jose said:


> Why doesn't that full-featuredness include a graphical desktop environment, an authoritative DNS server, or a Git client?


DNS server and Git client should be there, X11 perhaps also. The two first, as also sendmail, and perhaps X11, are not big programs. Why people get disturbed by their mere presence?

So as MacOS is a full featured OS, should also be (Free)BSD.


----------



## PMc (Jun 5, 2022)

hruodr said:


> I am against the removal, or at least for a substitution with a full featured DNS server.


I agree.


hruodr said:


> DNS server and Git client should be there, X11 perhaps also. The two first, as also sendmail, and perhaps X11, are not big programs. Why people get disturbed by their mere presence?
> 
> So as MacOS is a full featured OS, should also be (Free)BSD.


Problem: how many product design artists are employed to work on MacOS?

This is a resource exhaustion problem: MacOS does not claim to be a suitable server OS (to some extent it can be, but then you have to adapt things yourself). And also for the client experience the choices are limited: there is already a specific look+feel and you have to more or less accept and use that. If you want a different window manager, again you're on your own.

If you begin with X11, I am certain there is a real mass of folks complaining that KDE or gnome or whatever is not readymade starting up. This approach does not find an end and is exponentially growing. And at the same time there is no personnel that could put all that together - nowhere. What we would get is something that might work and probably run a web-browser, but in real everyday use one will stumble over hundreds of loose ends and ill-conceived layouts.
I suppose it is no longer practical to have a server OS (something that can be rolled onto a cloud KVM) and a desktop/handheld OS in the same development line. And this will get worse as requirements diverge further.

Example:


1b5be7204eaeeaf58eefdebe5b308f90792c693b


This change makes `rtsol` run a bit earlier, so that people get their IPv6 configuration from DHCP faster (or whatever on that line).
At the same time it makes each single one of my jails take 15 seconds longer to startup. Because these solicitation requests do now run at a time when the firewall is not yet loaded, and run into timeout a couple of times.

So, what one side sees as an improvement, is a damage to the other.


----------



## ralphbsz (Jun 6, 2022)

hruodr said:


> It is terrible that this company bought sendmail:


It is irrelevant. As discussed in this thread, they bought the Sendmail Inc. company that had been owned by Eric and friends. They did not buy the source code, as it can not be bought, being under a freeware license. They are modifying and releasing the source code, and FreeBSD today uses one version of the source code modified by them. More about the license situation below.



VladiBG said:


> It's from 2013


Exactly. Ancient news. But not terribly newsworthy.



getopt said:


> If a software does strange things may not always be admins' responsibility. There are bugs, backdoors, vulnerabilities, zero-days etc. which all is beyond admins' responsibility.


Yes, but given that Eric is involved, and the sendmail source code is not overly complex or long, the probability of that is near zero.



getopt said:


> any "hard working newbie" just cannot do this: review millions of lines of source code from all software installed. Even if the required knowledge were available on the personal level by a hard working professional, that individual would not even have the time for doing anything else. ...
> 
> The possibility of reading OSS is not an argument that is valid in admin's life experience. Except for some few bug bounty hunters there is no systematic review done for multiple reasons.


Yes, for one amateur to do it is probably too hard. But in the case of sendmail, my educated guess is that the FreeBSD project has sufficient manpower to review all changes to sendmail (here, man = Eric). And even for large software projects (such as freeware databases or kernels), the large industrial users are capable of doing an in-depth review. I'm quite sure that the big users do perform these full reviews, using teams of dozens or hundreds of engineers.



VladiBG said:


> You don't need millions of people which use a software and have zero knowledge of  understanding the  actual source code. What you need is group of code review developers with deep understanding of that particular program which can approve the code changes ...


Exactly. And that happens among big users.



hruodr said:


> Unfortunately sendmail has not anymore BSD license, but we fall again in the problem of alternatives.


However, if you read the license (it's the file LICENSE at the top of the source tree), it sort of contains the BSD license as a special sub-case for open source usage.

Another question that was discussed in this thread: Why does FreeBSD still ship sendmail as the default MTU, given that 99.99% of all machines on the planet do not need to run a full-feature MTU which pairs with the open internet? There are two answers to that. The first one is that it is low risk, and great convenience to those FreeBSD users that have existing sendmail configurations. And it is no hassle to those people who want to use an alternative (simpler) MTU, they can install many of those from ports, disable sendmail, and instead use the MTU of their choice. It is what I do on my FreeBSD server.

Second argument: Tradition. I think sendmail has been used on *BSD for ~40 years; the author of sendmail is deeply involved in the BSD community.


----------



## drhowarddrfine (Jun 6, 2022)

Jose said:


> Why doesn't that full-featuredness include a graphical desktop environment, an authoritative DNS server, or a Git client?


Because a complete operating system does not need one. Anything beyond the base system is forcing choice on the user which is not the path of FreeBSD. Forcing a graphic system then also forces those who do not want or need one to find a way to remove it.


----------



## drhowarddrfine (Jun 6, 2022)

getopt said:


> Is it? Or is that marketing-speak?



How could you ever complain FreeBSD is not a complete operating system?


----------



## Phishfry (Jun 6, 2022)

getopt said:


> sendmail_enable="NONE"


I don't think this is correct. Should be sendmail_enable="NO" as per /etc/defaults/rc.conf

```
# Settings for /etc/rc.sendmail and /etc/rc.d/sendmail:
sendmail_enable="NO"    # Run the sendmail inbound daemon (YES/NO).
```
The rest is fine.


----------



## hruodr (Jun 6, 2022)

ralphbsz said:


> Yes, but given that Eric is involved, and the sendmail source code is not overly complex or long, the probability of that is near zero.


We hope that he works long on sendmail.


----------



## getopt (Jun 6, 2022)

Phishfry said:


> I don't think this is correct. Should be sendmail_enable="NO" as per /etc/defaults/rc.conf


The function checkyesno() defines what is "correct" and generates error- and warning-messages.

Now test in /etc/rc.conf:


```
sendmail_enable="nonsense"
```


----------
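An added example, not part of any post in this thread and not FreeBSD's own code: a small audit of the sendmail knobs in an rc.conf-style file, showing how `NONE`, `NO` and a value like `nonsense` come out differently. The function names are made up for this sketch; the accepted yes/no spellings, the defaults of the three knobs other than `sendmail_enable`, and the special treatment of `NONE` are assumptions taken from stock FreeBSD `rc.subr`, `/etc/defaults/rc.conf` and `/etc/rc.d/sendmail`, not from the thread.

```shell
#!/bin/sh
# Added example: audit the sendmail knobs of an rc.conf-style file.

# Accepted spellings follow rc.subr's checkyesno (assumed: YES/TRUE/ON/1 and
# NO/FALSE/OFF/0, case-insensitive); anything else is "invalid".
classify_yesno() {
    case "$1" in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) echo yes ;;
        [Nn][Oo]|[Ff][Aa][Ll][Ss][Ee]|[Oo][Ff][Ff]|0) echo no ;;
        *) echo invalid ;;
    esac
}

# Print the last value assigned to KEY in FILE, without quotes or comments.
# The file is parsed, not sourced, so auditing it never executes its contents.
rc_value() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 |
        sed -e 's/[[:space:]]*#.*$//' -e 's/[[:space:]]*$//' \
            -e "s/^[\"']//" -e "s/[\"']\$//"
}

# Return 0 if all four sendmail daemons are off, 1 if any is still enabled,
# 2 if none is enabled but some value is not a valid yes/no spelling.
audit_sendmail() {
    file=$1 enabled=0 invalid=0
    # Assumption: rc.d/sendmail maps the legacy value NONE to "all four off".
    case "$(rc_value "$file" sendmail_enable)" in
        [Nn][Oo][Nn][Ee])
            echo "sendmail_enable=NONE: legacy value, all four daemons off"
            return 0 ;;
    esac
    # key:default pairs; the defaults are assumed from /etc/defaults/rc.conf.
    for pair in sendmail_enable:NO sendmail_submit_enable:YES \
                sendmail_outbound_enable:NO sendmail_msp_queue_enable:YES; do
        key=${pair%%:*} default=${pair#*:}
        value=$(rc_value "$file" "$key")
        [ -n "$value" ] || value=$default
        case "$(classify_yesno "$value")" in
            yes) echo "$key=$value: still enabled"; enabled=$((enabled + 1)) ;;
            no)  echo "$key=$value: off" ;;
            *)   echo "$key=$value: not a yes/no value, rc will warn"
                 invalid=$((invalid + 1)) ;;
        esac
    done
    [ "$enabled" -eq 0 ] || return 1
    [ "$invalid" -eq 0 ] || return 2
    return 0
}

# Constructed sample: only the inbound daemon is switched off, the other
# three knobs are left at their (assumed) defaults.
sample=$(mktemp)
printf '%s\n' 'sendmail_enable="NO"' > "$sample"
audit_sendmail "$sample" || echo "audit status: $?"
rm -f "$sample"
```

With only `sendmail_enable="NO"` set, the submit and MSP queue runners are still reported as enabled, which is why the other three lines of the original snippet matter.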



## getopt (Jun 6, 2022)

drhowarddrfine said:


> How could you ever complain FreeBSD is not a complete operating system?


I did not complain. I asked.


drhowarddrfine said:


> Because FreeBSD is a full-featured operating system, though "full-featured" may be a key adjective for sendmail and whether that much is needed.


The term "full-featured" fits in marketing-speak, IMO. Those terms can be disputed all the time, as it always may be regarded as not featured fully enough, while other may be more satisfied with Nano-BSD.


----------



## getopt (Jun 6, 2022)

ralphbsz said:


> But in the case of sendmail, my educated guess is that the FreeBSD project has sufficient manpower to review all changes to sendmail (here, man = Eric).


One always can sugarcoat the situation. One single person is likely one single point of failure. With all respects, generally speaking.

And I doubt that our FreeBSD project uses its restrained manpower for explicit security auditing all 3rd-party contributions. If they did, they would publish security warnings for i.e. contributions like OpenSSL before others publish them. I did not notice that this ever happened.

BTW the OpenSSL project did learn it the hard way being a one-man-project. That has been changed.


----------



## drhowarddrfine (Jun 6, 2022)

getopt said:


> The term "full-featured" fits in marketing-speak, IMO.


Yes, I had mentioned that the term may change what is being asked.

These weekly topic threads about this--and similar--are boring and pointless.


----------



## getopt (Jun 6, 2022)

drhowarddrfine said:


> These *weekly topic threads* about this--and similar--are boring and pointless.


Please explain by what you mean with "weekly topic threads".
Why weekly and which topics?
What filter do you suggest?

Once a topic is started one may find it interesting or not. But lots of contribution add pointlessness and are indeed boring, inclusive reading about "weekly topic threads".

*Hint:* Do not waste your lifetime on reading or adding to whatever you may find boring or pointless. But do not expect that others share your taste.


----------



## drhowarddrfine (Jun 6, 2022)

getopt
By weekly I mean, it seems every week we get a new thread that starts with "Why isn't FreeBSD like..." or it gets there eventually (which is off topic, too). Such things are boring because we wind up having to defend the reason FreeBSD does what it does and it shows no effort on the part of the asker. Especially an asker who obviously doesn't know how to use Google.

Yes, I don't waste my time reading or adding to such threads. If one has noticed, I don't participate as much as I used to for the reason given. Now that I have more time to think, I notice such things more and more.


----------



## getopt (Jun 6, 2022)

drhowarddrfine said:


> "Why isn't FreeBSD like..." or it gets there eventually (which is off topic, too).


You suggest a forum-rule-based termination of this thread?

Because 3rd-party contributions are discussed?
Is that what you cannot stand personally?

BTW: I just watch my editing of this post. All edits are sent to /threads/proofpoint.<member>/draft
Which means that all your thoughts can be read even if you delete before posting the reply. 

This is such a nice feature that I prefer editing in my local editor and just paste the final result from now on.


----------



## PMc (Jun 6, 2022)

I think it is a very valid question to discuss why FreeBSD keeps sendmail but dropped BIND.
The security concerns of sendmail seem also a valid question - but these have already been discussed for more than twenty years.

The other aspect (and this is a personal one, but I think Off-Topic is a place to state personal impressions, too): whenever I need to look up some of the features of sendmail (and I do it in the way we do things nowadays: I use google) then I end up at a snake-oil selling company (and the first thing they demand is that you disengage the security settings of your browser).

This is not an isolated effect, it rather seems to reflect the state of the Internet as a whole: whenever I try to look up some other term, say psychology, social development or mysticism, I also get only to lots of snake-oil selling companies. In contrast, some 15 years ago there was still lots of valuable information to be found. This has mostly disappeared, in favour of "buy our crap!".
(It is better with BIND - there is also the "buy our products!" stuff, but there you get to an .org site, you get the impression that there are actual engineers involved, and they indeed have the current manual online.)

So this is what annoys me. I don't care if one or the other shop is linked to one or the other secret service or whatever, because there is a simplified approach: just consider them all criminals and you will not be surprised by their actions.


----------



## PMc (Jun 6, 2022)

getopt said:


> BTW: I just watch my editing of this post. All edits are sent to /threads/proofpoint.<member>/draft
> Which means that all your thoughts can be read even if you delete before posting the reply.


*Laugh* How else should the temporary state of your edit be kept when you happen to restart the browser?
With more simple forum software the edit was kept in the form-data of the browser, and in case of a crash, the browser might restore it, or you could pull it out of that file. 
With this one, it is stored on the server side. And that also has problems, because there is only one draft per thread. So, imagine you start to write a lengthy reply in some thread, then open a new browser window, write a short answer to some new posting in the same thread, then accidentally close the browser window with the lengthy reply - then that draft is gone forever.

This is what hits me occasionally, and so this is a good idea:



getopt said:


> This is such a nice feature that I prefer editing in my local editor and just paste the final result from now on.



Anyway, everything you enter into an AJAX-enabled browser window might get sent out to the network immediately.


----------



## drhowarddrfine (Jun 6, 2022)

getopt said:


> Because 3rd-party contributions are discussed?


I said nothing about that. But I'm not going to argue with you.


----------



## getopt (Jun 6, 2022)

drhowarddrfine said:


> I said nothing about that. But I'm not going to argue with you.


As you can see it was just a question. I'm not interested either in "arguing".
So boring. So pointless.


----------



## hardworkingnewbie (Jun 6, 2022)

PMc said:


> I think it is a very valid question to discuss why FreeBSD keeps sendmail but dropped BIND.


For me BIND is quite simple: almost everybody does need a DNS resolver; but only a few percentage of users will have use for a domain name server. And most who are owning a domain will just use the DNS being provided by their ISP. 

So BIND in the end is dragging around a tool where only a small area - DNS resolving - was and is used by the vast majority of users. 

We could also just use the license argument - BIND is MPL-2.0 while Unbound is new BSD.


----------



## Jose (Jun 6, 2022)

hardworkingnewbie said:


> For me BIND is quite simple: almost everybody does need a DNS resolver; but only a few percentage of users will have use for a domain name server. And most who are owning a domain will just use the DNS being provided by their ISP.
> 
> So BIND in the end is dragging around a tool where only a small area - DNS resolving - was and is used by the vast majority of users.
> 
> We could also just use the license argument - BIND is MPL-2.0 while Unbound is new BSD.


Let's replace "BIND" with "Sendmail" in this post.

For me Sendmail is quite simple: almost everybody needs to send mail; but only a few percentage of users will have use for a mail forwarder. And most who do forward mail will just use the mail exchanger provided by their ISP.

So Sendmail in the end is dragging around a tool where only a small area - mail forwarding - was and is used by the vast majority of users.

We could also just use the license argument. Sendmail is no longer BSD-licensed while DMA is.

(Begging hardworkingnewbie 's forbearance. I do not mean this in a mocking way. You make a strong argument for removing BIND from base, and I believe it applies equally well to Sendmail.)


----------



## stratact (Jun 6, 2022)

drhowarddrfine said:


> Because a complete operating system does not need one. Anything beyond the base system is forcing choice on the user which is not the path of FreeBSD. Forcing a graphic system then also forces those who do not want or need one to find a way to remove it.


Indeed! I'd rather use a complete operating system as a base to tailor my systems, than use a "piecemeal system" that puts together a random kernel and userland which doesn't coherently function as a whole by design. In the end, these "piecemeal systems" lead to various superfluous forks of the same software stack after some modifications and sadly with little transference of knowledge between them.


----------



## hruodr (Jun 6, 2022)

hardworkingnewbie said:


> almost everybody does need a DNS resolver; but only a few percentage of users will have use for a domain name server. And most who are owning a domain will just use the DNS being provided by their ISP.


Then we leave there only what most people use, delete the rest. In the end FreeBSD will become the desktop system a lot of people dream of.


----------

