On Sun, Apr 19, 2020 at 08:02:41PM +0200, Matus UHLAR - fantomas wrote:
> On 19.04.20 13:11, Wietse Venema wrote:
>
> >Warning: libc-musl breaks DANE/TLSA security.
> >Use a glibc-based Linux distribution instead.
> >Remove this test to build unsupported Postfix.
> >make: *** [Makefile:79: makefiles] Error 1
>
> Isn't this contrary to what you have said before?
>
> https://marc.info/?l=postfix-users&m=158715103506366&w=2
> > However, if people want to shoot themselves in the foot, then
> > Postfix won't stop them.
No, with that (trusting the AD-bit from remote nameservers) Postfix
still works exactly as documented. The administrator gets exactly
what he asked for.
The idea with the compile-time warning is to avoid surprise behaviour in
otherwise correct configurations, that differ unexpectedly only in the
platform C library.
The defensive check will I hope only be needed for a limited amount of
time. If/when a later release of libc-musl does return a usable AD
bit, the check can be removed.
--
Viktor.
