> On Dec 19, 2018, at 1:51 PM, Scott Kitterman <[email protected]> wrote:
>
> I'm definitely in favor of it being enabled by default, but, in addition to
> being busy, I've been trying to work towards less deviation from upstream in
> Debian vice more. There is already plenty that is well baked into our
> ecosystem that would be hard to cleanly remove without causing upgrade
> problems.
>
> Bottom line, I'd love to see it upstream and am unlikely to do it myself.

For the record, the discussion is not about O/S package maintainers
making code changes to Postfix, but rather the content of the initial
"main.cf" file when the package is first installed. A package can
not only enable outbound opportunistic TLS, but perhaps also (given
sufficient understanding of the platform) enable DANE when there's
a validating local resolver, and generate an initial self-signed cert
and turn on inbound TLS!

Doing the integration with the rest of the O/S and install-time
provisioning is in part up to the package maintainers.

My job is to make it easier by providing higher-level interfaces
such as the various "postfix tls ..." commands, but some of the
rest is up to package maintainers like you and ultimately the
users.
--
Viktor.
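
The first-install provisioning described in the message above, sketched as an added example that is not part of the original thread and is not Postfix or Debian packaging code. The function names, the loopback-only test for a "local" resolver, and the yes/no validation argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: pick the initial main.cf TLS settings a package might
# write on first install.

# Assumption: the resolver counts as "local" only when every nameserver
# line in the given resolv.conf is a loopback address (127.0.0.0/8 or ::1).
resolver_is_local() {
    [ -r "$1" ] || return 1
    awk '$1 == "nameserver" { n++; if ($2 !~ /^127\./ && $2 != "::1") bad = 1 }
         END { exit !(n > 0 && !bad) }' "$1"
}

# $1 = resolv.conf path, $2 = "yes" if the packager knows the local
# resolver performs DNSSEC validation (hypothetical install-time knob).
initial_tls_settings() {
    if [ "$2" = yes ] && resolver_is_local "$1"; then
        # DANE relies on DNSSEC-validated answers from a trusted local resolver.
        printf '%s\n' 'smtp_dns_support_level = dnssec' \
                      'smtp_tls_security_level = dane'
    else
        # Fallback: outbound opportunistic TLS only.
        printf '%s\n' 'smtp_tls_security_level = may'
    fi
}

# First-install hook: write the outbound settings, then let Postfix
# generate a self-signed certificate and turn on inbound TLS.
apply_initial_tls() {
    initial_tls_settings "$1" "$2" | while IFS= read -r setting; do
        postconf -e "$setting"
    done
    postfix tls enable-server
}
```

A loopback nameserver alone does not prove that the resolver validates DNSSEC, which is why validation is a separate input here and any doubt falls back to `may`.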