From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=iQLS=ER=redhat.com=fweimer@sourceware.org>
Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124])
	by sourceware.org (Postfix) with ESMTPS id 5E8633858D37
	for <libc-alpha@sourceware.org>; Fri,  1 Sep 2023 11:49:45 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 5E8633858D37
Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=redhat.com
Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=redhat.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1693568985;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=hwp69H6aISaWOSsfasPEW/RImhNQCBH7uWQnXMfm7NY=;
	b=OQuNXh9AkIMOFge8QTWp5OVcCv1c6KyZlHRTGrAOuIwqvjUNyXfTcvCQofpsWa8KIOxgZA
	KfvU0isuJI58Lp76sd3Vc8B0597x+e6446V01NTV6sDj0x2Ulk72oI9c44iyJ4waWHnuWH
	jbRw6UsjvkG3QelQsc4l3sje8OBtujA=
Received: from mimecast-mx02.redhat.com (mx-ext.redhat.com [66.187.233.73])
 by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 us-mta-161-Dl9tm6wRPh6vD2f3LdW97g-1; Fri, 01 Sep 2023 07:49:42 -0400
X-MC-Unique: Dl9tm6wRPh6vD2f3LdW97g-1
Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.rdu2.redhat.com [10.11.54.4])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 89C8E3C0EAA0;
	Fri,  1 Sep 2023 11:49:41 +0000 (UTC)
Received: from oldenburg.str.redhat.com (unknown [10.2.16.11])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id 39965200A7CB;
	Fri,  1 Sep 2023 11:49:39 +0000 (UTC)
From: Florian Weimer <fweimer@redhat.com>
To: Andrew Pinski <pinskia@gmail.com>
Cc: Sam James via Libc-alpha <libc-alpha@sourceware.org>,  Jakub Jelinek
 <jakub@redhat.com>,  Andreas Schwab <schwab@suse.de>,  Mark Wielaard
 <mark@klomp.org>,  Joseph Myers <joseph@codesourcery.com>,  Maxim Kuvyrkov
 <maxim.kuvyrkov@linaro.org>
Subject: Re: [Action Required] glibc decision to use CTI services.
References: <b84ea4a5-651a-1a4c-06c8-e9ade4b7d702@redhat.com>
	<orsf805tyf.fsf@lxoliva.fsfla.org>
	<cc4f81c9-29b7-76af-b188-a6db4f32bcb@codesourcery.com>
	<15af1715-3530-7c29-7595-5abe48c18e8b@cs.ucla.edu>
	<87ledqe8ej.fsf@gentoo.org> <87fs3yp91h.fsf@oldenburg.str.redhat.com>
	<CA+=Sn1npmF58A7VqyE_nkeqFMvsUDGaiF_S6o+dO1JU=peJZ6w@mail.gmail.com>
Date: Fri, 01 Sep 2023 13:49:37 +0200
In-Reply-To: <CA+=Sn1npmF58A7VqyE_nkeqFMvsUDGaiF_S6o+dO1JU=peJZ6w@mail.gmail.com>
	(Andrew Pinski's message of "Fri, 1 Sep 2023 02:03:35 -0700")
Message-ID: <87wmxanmem.fsf@oldenburg.str.redhat.com>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.2 (gnu/linux)
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 3.1 on 10.11.54.4
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Status: No, score=-4.8 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H4,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,SPF_NONE,TXREP autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org
List-Id: <libc-alpha.sourceware.org>

* Andrew Pinski:

> On Fri, Sep 1, 2023 at 1:56=E2=80=AFAM Florian Weimer via Libc-alpha
> <libc-alpha@sourceware.org> wrote:
>>
>> * Sam James via Libc-alpha:
>>
>> > As far as I've seen, the sourceware overseers handle requests
>> > promptly. Is there something we've asked them to do which they've
>> > been unable to fulfill?
>>
>> Removing the From: header rewriting from the mailing lists, including
>> libc-alpha.  With the current list configuration, =E2=80=9Cgit am=E2=80=
=9D often does
>> not produce correct results.
>
> Isn't that due to security (anti-spam) measures of many ISPs?

No, not really, it's about preserving the integrity of messages.
Something that we should interested in anyway, particularly for patches.
Historically, Mailman promoted editing of messages in various ways while
distributing them over the list, and DKIM/DMARC prevents that.

> How can someone solve that issue without the rewriting due to mailing
> lists and security measures not going hand in hand these days?

It's true that the default DKIM configuration in Debian & Co. prevents
forwarding of DKIM-signed mail over mailing lists while preserving the
signature: they explicitly sign message in such a way that they assert
the non-existence of headers related to mailing lists.

Empirically, the large mail operators and most corporations (as long as
they do not use Debian & Co.) simply don't do this.  Their signatures
only cover the body and critical headers already included in the message
(and which the mailing list software does not need to alter).  For
others, it's just a minor configuration change, which is hopefully easy
to implement for smaller organizations.

Mailing lists without From: rewriting are not unusual at all: gnu.org,
kernel.org, openjdk.java.net all operate in this way, to name just a
few.  So upstream participation often requires that you use a mail
service that does not prohibit distributing mail over mailing lists.

There's one remaining issue: what to do with mail that has HTML
alternate parts that you want to remove as a list policy matter.  This
requires stripping certain DKIM signatures, which in turn my necessitate
From: header rewriting, depending on the DMARC policy.  But this
unlikely to get implemented in the Red Hat version of Mailman 2 (that
sourceware.org uses).

Thanks,
Florian