From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by sourceware.org (Postfix) with ESMTPS id 5E8633858D37 for ; Fri, 1 Sep 2023 11:49:45 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 5E8633858D37 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=redhat.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1693568985; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=hwp69H6aISaWOSsfasPEW/RImhNQCBH7uWQnXMfm7NY=; b=OQuNXh9AkIMOFge8QTWp5OVcCv1c6KyZlHRTGrAOuIwqvjUNyXfTcvCQofpsWa8KIOxgZA KfvU0isuJI58Lp76sd3Vc8B0597x+e6446V01NTV6sDj0x2Ulk72oI9c44iyJ4waWHnuWH jbRw6UsjvkG3QelQsc4l3sje8OBtujA= Received: from mimecast-mx02.redhat.com (mx-ext.redhat.com [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-161-Dl9tm6wRPh6vD2f3LdW97g-1; Fri, 01 Sep 2023 07:49:42 -0400 X-MC-Unique: Dl9tm6wRPh6vD2f3LdW97g-1 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.rdu2.redhat.com [10.11.54.4]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 89C8E3C0EAA0; Fri, 1 Sep 2023 11:49:41 +0000 (UTC) Received: from oldenburg.str.redhat.com (unknown [10.2.16.11]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 39965200A7CB; Fri, 1 Sep 2023 11:49:39 +0000 (UTC) From: Florian Weimer To: Andrew Pinski Cc: Sam James via Libc-alpha , Jakub Jelinek , Andreas Schwab , Mark Wielaard , Joseph Myers , Maxim Kuvyrkov Subject: Re: [Action Required] glibc decision to use CTI services. References: <15af1715-3530-7c29-7595-5abe48c18e8b@cs.ucla.edu> <87ledqe8ej.fsf@gentoo.org> <87fs3yp91h.fsf@oldenburg.str.redhat.com> Date: Fri, 01 Sep 2023 13:49:37 +0200 In-Reply-To: (Andrew Pinski's message of "Fri, 1 Sep 2023 02:03:35 -0700") Message-ID: <87wmxanmem.fsf@oldenburg.str.redhat.com> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.2 (gnu/linux) MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.1 on 10.11.54.4 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-4.8 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H4,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,SPF_NONE,TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: * Andrew Pinski: > On Fri, Sep 1, 2023 at 1:56=E2=80=AFAM Florian Weimer via Libc-alpha > wrote: >> >> * Sam James via Libc-alpha: >> >> > As far as I've seen, the sourceware overseers handle requests >> > promptly. Is there something we've asked them to do which they've >> > been unable to fulfill? >> >> Removing the From: header rewriting from the mailing lists, including >> libc-alpha. With the current list configuration, =E2=80=9Cgit am=E2=80= =9D often does >> not produce correct results. > > Isn't that due to security (anti-spam) measures of many ISPs? No, not really, it's about preserving the integrity of messages. Something that we should interested in anyway, particularly for patches. Historically, Mailman promoted editing of messages in various ways while distributing them over the list, and DKIM/DMARC prevents that. > How can someone solve that issue without the rewriting due to mailing > lists and security measures not going hand in hand these days? It's true that the default DKIM configuration in Debian & Co. prevents forwarding of DKIM-signed mail over mailing lists while preserving the signature: they explicitly sign message in such a way that they assert the non-existence of headers related to mailing lists. Empirically, the large mail operators and most corporations (as long as they do not use Debian & Co.) simply don't do this. Their signatures only cover the body and critical headers already included in the message (and which the mailing list software does not need to alter). For others, it's just a minor configuration change, which is hopefully easy to implement for smaller organizations. Mailing lists without From: rewriting are not unusual at all: gnu.org, kernel.org, openjdk.java.net all operate in this way, to name just a few. So upstream participation often requires that you use a mail service that does not prohibit distributing mail over mailing lists. There's one remaining issue: what to do with mail that has HTML alternate parts that you want to remove as a list policy matter. This requires stripping certain DKIM signatures, which in turn my necessitate From: header rewriting, depending on the DMARC policy. But this unlikely to get implemented in the Red Hat version of Mailman 2 (that sourceware.org uses). Thanks, Florian