Stale repo? #1193
Comments
|
@zmanion unfortunately the repo is indeed stale. The original author an maintainer @poolpOrg has moved on, and nobody else (except me) has write access to the repo. I am not an expert on OpenSMTPD and I got my access when I was doing some CI/CD improvements, so unfortunately I can't perform maintainer functions (nor do I want to). I can grant access to people who are interested in becoming new maintainers, but I want to get an ack from @poolpOrg first (unfortunately he is not responding) |
|
cc most active contributors, maybe someone wants to step up |
|
I moved on indeed but I do read mails and reply to them, I must have missed yours sorry 🙏I’ll happily help anyone get started with synchronizing this tree with OpenBSD, no one stepped up so far.Maybe this repo should be archived?
|
|
@poolpOrg I think it will be better to transfer ownership if someone steps up. This way stars, issues, pull requests history and the org and repo names will not be lost. |
No worries, I did not mail first, went directly to GitHub, sorry if I got the order wrong. Do you know who has write access to www.opensmtpd.org? That could also use a refresh. I also prefer this repo continues to exist, but only with sufficiently active maintenance. I would offer to assist, but I'm probably not qualified to be the lead maintainer. |
hi, fwiw and afaict the website is maintained in the OpenBSD www cvs repository, cf http:https://cvsweb.openbsd.org/cgi-bin/cvsweb/www/opensmtpd/ - patches for it should be set to the OpenBSD project (or to any active OpenBSD developer who uses smtpd and cares a bit, so that includes many OpenBSD developers..) |
|
I believe the repo is no longer stale since PR #1201 was merged? Although I suspect it will become stale again unless someone actively syncs the repo once in a while. @omar-polo If you don't mind explaining what was your general process for updating the repo? |
I'm willing to keep the repo in sync with CVS, to do some general -portable maintenance and reviewing PRs. I use OpenSMTPD on linux and FreeBSD so I'm interested in keeping the -portable version in the best possible shape :)
Well, the process is quite easy, although the devil is in the details. I started to apply in order the patches from the commits on CVS (which you can get from the github mirror too). Depending on the patch it could just apply cleanly or need some more work on top. Now I've started to sync |
|
Thanks, that is very helpful! Would you also happen to know how to handle issue #1171, perhaps even in a way that could be backported to OpenBSD? While I personally use LibreSSL, this is an issue for a lot of Linux distros. |
|
@orbea off the top of my head no. I wasn't aware of that issue (I still have to go through the list of issues, sorry); i'll look into it in the following days, just after i'll finish to sync some more code and fix other minor build issues. |
|
FYI: I've talked with @poolpOrg and we agreed to make a release. I've just tagged 7.3.0p0-rc1 (please test!) and plan to release in a couple of weeks. |
|
Would it be possible for this repo to be a downstream of the main OpenBSD CVS repo solely for the purpose of git benefits and CI/CD (for packaging) from Github? I wouldn't mind help setting up a CVS -> Git mirror (if such a thing is possible). This would make it easier to consume opensmtpd especially in container/non-traditional-packagemanager scenarios (#1216). @poolpOrg what do you think? |
|
@SohamG I don't know what you mean by that The OpenSMTPD in OpenBSD does not have any portability layer, if this repo was a downstream sync of the CVS repo, it would no longer build anywhere but on OpenBSD. |
|
My apologies, my understanding of the project was lacking when I commented.
On Sun, Aug 6, 2023 at 12:17 PM Gilles Chehade ***@***.***> wrote:
@SohamG <https://github.com/SohamG> I don't know what you mean by that
The OpenSMTPD in OpenBSD does not have any portability layer, if this repo
was a downstream sync of the CVS repo, it would no longer build anywhere
but on OpenBSD.
—
Reply to this email directly, view it on GitHub
<#1193 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ABWJLT4OVDFVYLN52BX2GILXT67QDANCNFSM6AAAAAAWWY5FI4>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
--
Soham Gumaste
***@***.***
|
Investigating this OpenBSD smtpd patch, I see that the OpenSMTPD repo is generally behind the OpenBSD smtpd source. For example, compare the history for
envelope.c:https://github.com/OpenSMTPD/OpenSMTPD/commits/master/usr.sbin/smtpd/envelope.c
https://github.com/openbsd/src/commits/master/usr.sbin/smtpd/envelope.c
This fix is not present in OpenSMTPD. This seems to be the most recent security fix, from 2022-09-27. Also, https://www.opensmtpd.org/ is stale, mentioning version 6.7 and the year 2020. The latest release tagged in the OpenSMTPD repo is 6.8.0p2,
smtpd.hsays 7.0.0 or 7.0.0-portable.One concern is that downstream users of OpenSMTPD code are going to miss security bug fixes. For example, Debian packages pull from OpenSMTPD, and have not backported a handful of security fixes. I appreciate that downstream has responsibility for backporting, and I'm not entirely clear on the relationship between OpenBSD and OpenSMTPD. That said, I propose at least warning OpenSMTPD consumers that OpenSMTPD code may be meaningfully behind OpenBSD smtpd code, at least for security fixes. This could be a warning on the OpenSMTPD repo and web site.
The text was updated successfully, but these errors were encountered: