Sorry, my mail server does not seem to have received any email from debian when you sent your email on 2024-01-21. Was I supposed to have been automatically Bcc'd?
I disagree that the bug is not grave - I believe it meets the criterion of data being lost (and was in fact lost by the user). However, that does not really bother me. Note that I used quotation marks around the word unsafe because that is the wording used in the syslog message; the addresses are not unsafe. The problem is the space character. If you try to replicate my test, you will see that after adding the MAILTO line shown in my report, no error is displayed to the user. Later when the job runs, syslog receives an error and job output is discarded. This happens because of the erroneous space delimiter, not because of any unusual email address. I am suggesting that instead of waiting until the job runs (when it may be too late to notify the user), the check that is reported in syslog be performed when saving after editing, so that the error can be reported to the user immediately. To be clear, I'm not asking for cron to be "more clever than its users", but that it runs earlier the tests that it already performs. Refusing to save a crontab that would fail later avoids potential data loss. -jonathan georges.khaznadar wrote: > To: deb...@jhnc.org > Cc: 1061...@bugs.debian.org > From: Khaznadar Georges <georges.khazna...@orange.fr> > Date: Mon, 26 Feb 2024 17:48:06 +0100 (CET) > Subject: Re: cron: "crontab -e" does not report "unsafe" mail and so job > output can be lost > X-Mailer: Open-Xchange Mailer v7.6.3-Rev71 > > Hello Joathan, have you received my previous reply to your bug report? > It was one month ago. If you did not read it, you can find it today at > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061155 > > The title of the present bug report says that crontab -e cannot > detect “unsafe” email addresses. > > However, the example you proposed is the usage of e-mail addresses like > a...@example.org, b...@example.com, which can be parsed by the usual > regular > expressions, as valid e-mail addresses. > > So, I ask you again for other suggestions about a secure way to > distinguish “safe” from “unsafe” e-mail addresses. > > I suspect that asking a program to be more clever than its users is a > waste of energy. For example, if I send this email to > no-deb...@jhnc.org, chances are that the e-mail will never be > distributed. It is my responsability to send this e-mail to > deb...@jhnc.org, isn't it? > > If you do not mind, I suggest to close this bug report in a few days. > > Best regards, Georges.
