Hello!
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065034
This bug was filed with Debian a little over a month ago.
Unfortunately, the courier packages on Debian have long been poorly
maintained. Nobody seems to be willing to step up and help out. I know
Markus Wanner is/was doing his best and he deserves praise for helping
out rather than bitching by a do-nothing pleb like me, but the last two
package updates have been NMUs. He put out a Request For Help a long
time ago and nobody ever stepped up.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=978755
We had an incompetent and disinterested maintainer in the form of Ondřej
Surý some time back. He really had no idea what he was doing, didn't
care, and f**ked s**t up real good.
An even larger threat would be if someone malicious were to come along
and adopt the packages. Courier may not be the most popular MTA, but if
I were a nation state actor or malware peddler looking for a reasonably
popular Well-Known sub-1024 socketed daemon, this Debian package would
be a prime candidate for take-over.
Finally, I realize I am creating a perfect opportunity for a bike shed,
and there's been a lot of that going around on the xz compromise issue.
I'm sorry. Also, just don't.
Thanks for reading
On 2/28/24 10:04 PM, ZHAO, fei wrote:
Package: courier
Severity: important
If the maintainer is unable to keep up with courier related packages, he
should orphan it.
Courier version outdated long.
courier-maildrop related questions not resolved for years and years.
-- System Information:
Debian Release: trixie/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 6.6.13-amd64 (SMP w/2 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
