On 20/06/2019 09:50, Ansgar Burchardt wrote:
> Ansgar Burchardt writes:
>> (I don't maintain debootstrap.)
>>
>> I don't think it is a good idea to require debootstrap to know about
>> such details.
>>
>> For limiting network access, I would recommend instead using network
>> namespaces (to only provide limited network access for all processes)
>> and/or user namespaces (if filtering for single UIDs is really needed).
>> These do not require any uids to match between in- and outside.
>
> And sadly the submitter's address bounced my mail as the mail provider
> the submitter uses cannot parse RFC-5321 mail addresses correctly.

Well, you can use -submitter@ if you already know that your domain is
problematic. Even re-reading the RFC I'm not sure why that's a bug. RFC
5321 references RFC 1035's definition of the label, which specifies that
a <letter> needs to be first in the label. I didn't immediately find
anything updating that part of RFC 1035. RFC 2181 also specifies that
applications can impose additional restrictions on top of labels.

I'm happy to file an internal bug report if there is actually supporting
documentation rather than just trying out the boundaries of
deliverability. (Where I mostly wish you good luck. It's not a fight I
want to have, which is also why I mostly stopped using my @debian.org
address.)

Kind regards
Philipp Kern
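
Added example, not part of the message above and not code from any mail provider: a checker for the RFC 1035 `<label>` grammar cited in the reply, run over the domain part of a mailbox. It goes beyond the message by also including the RFC 1123 section 2.1 host-name rule for comparison; the function names and the sample addresses are constructed for illustration.

```python
import re

# RFC 1035 section 2.3.1: <label> ::= <letter> [ [ <ldh-str> ] <let-dig> ]
RFC1035_LABEL = re.compile(r"[A-Za-z](?:[A-Za-z0-9-]*[A-Za-z0-9])?")
# RFC 1123 section 2.1: first character may be a letter or a digit.
RFC1123_LABEL = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?")

MAX_LABEL = 63       # octets per label (RFC 1035 section 2.3.4)
MAX_TEXT_NAME = 253  # dotted text form of the 255-octet wire limit


def check_domain(domain, label_re):
    """Return a list of (label, problem) pairs; an empty list means it passes."""
    name = domain[:-1] if domain.endswith(".") else domain
    problems = []
    if len(name) > MAX_TEXT_NAME:
        problems.append((name, "name too long"))
    for label in name.split("."):
        if not label:
            problems.append((label, "empty label"))
        elif len(label) > MAX_LABEL:
            problems.append((label, "label too long"))
        elif not label_re.fullmatch(label):
            problems.append((label, "syntax"))
    return problems


def domain_of(address):
    """Domain part of a mailbox: everything after the last '@'.
    Address literals such as [192.0.2.1] are out of scope here."""
    local, sep, domain = address.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError("not a mailbox: %r" % address)
    return domain


def compare(addresses):
    """For each address: (address, passes RFC 1035 rule, passes RFC 1123 rule)."""
    return [(a,
             not check_domain(domain_of(a), RFC1035_LABEL),
             not check_domain(domain_of(a), RFC1123_LABEL))
            for a in addresses]


# Constructed sample addresses (not taken from the thread).
SAMPLES = ["user@example.org", "user@0example.org",
           "user@mail-.example.org", "user@a..example.org"]

if __name__ == "__main__":
    for addr, strict_ok, relaxed_ok in compare(SAMPLES):
        print(f"{addr:28} rfc1035={strict_ok!s:5} rfc1123={relaxed_ok}")
```

A validator built on the first pattern rejects a domain whose label starts with a digit, while one built on the second accepts it, so the same address can be deliverable at one provider and bounce at another.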