Viktor Dukhovni:
> On Wed, Dec 19, 2018 at 01:51:19PM -0500, Scott Kitterman wrote:
>
> > > So the real question is whether there is a non-trivial community
> > > of users who:
> > >
> > > * Have no explicit "smtp_tls_security_level" setting in their main.cf
> > > file.
> > >
> > > * Would not mind to see TLS turned on as a side-effect of a future
> > > upgrade, but can't find the activation energy to do it explicitly.
> > >
> > > Or, whether there are Postfix package maintainers in the same boat:
> > > too busy to add code to enable opportunistic TLS in the client at
> > > package install time, but would be happy to see it happen upstream.
> >
> > I'm definitely in favor of it being enabled by default, but, in addition to
> > being busy, I've been trying to work towards less deviation from upstream
> > in Debian vice more. There is already plenty that is well baked into our
> > ecosystem that would be hard to cleanly remove without causing upgrade
> > problems.
> >
> > Bottom line, I'd love to see it upstream and am unlikely to do it myself.
>
> If there are no objections, I can change the default to "may" when
> TLS is compiled in.

Unrelated but related, what should happen when someone unwittingly
builds Postfix without TLS support, and Postfix configuration a)
enables opportunistic TLS or b) Postfix configuration requires TLS?
Will b) result in mail being sent as plaintext?

Should the build system be updated to use -DUSE_TLS by default and
to explicitly require -DNO_TLS if people want to build without TLS?

Wietse
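
Added example, not part of the original thread and not Postfix code: a way to tell whether a given main.cf is one of the configurations discussed above, with no explicit "smtp_tls_security_level", and would therefore follow a changed compiled-in default. The function names and sample text are constructed; it assumes only main.cf is inspected (no master.cf "-o" overrides) and also reports the legacy smtp_use_tls / smtp_enforce_tls switches.

```python
import re

# Older boolean parameters that still enable client TLS when the level is unset.
LEGACY = ("smtp_use_tls", "smtp_enforce_tls")

def parse_main_cf(text):
    """Return {name: value} from main.cf text; the last assignment wins."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank and comment lines are skipped, even inside a continuation
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()  # leading whitespace continues the logical line
        else:
            logical.append(raw.strip())
    params = {}
    for line in logical:
        m = re.match(r"([A-Za-z0-9_]+)\s*=\s*(.*)$", line)
        if m:
            params[m.group(1)] = m.group(2).strip()
    return params

def smtp_tls_status(text):
    """Classify how the SMTP client TLS level is decided for this main.cf text."""
    params = parse_main_cf(text)
    if "smtp_tls_security_level" in params:
        # An explicit setting (even an empty one) overrides any compiled-in default.
        return "explicit:" + (params["smtp_tls_security_level"] or "(empty)")
    legacy = sorted(n for n in LEGACY if params.get(n, "").lower() == "yes")
    if legacy:
        return "legacy:" + ",".join(legacy)
    return "unset"  # this installation follows whatever the default is

# Constructed sample: the value sits on a continuation line after a comment.
SAMPLE = """\
myhostname = mail.example.com
smtp_tls_security_level =
# opportunistic TLS for outbound mail
    may
"""

if __name__ == "__main__":
    print(smtp_tls_status(SAMPLE))
```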