On 2022-06-21 at 22:12:24, Ævar Arnfjörð Bjarmason wrote: > > On Tue, Jun 21 2022, brian m. carlson wrote: > > > Email::Valid is in fact correct. However, the email which you want to > > use doesn't conform to the RFC and isn't valid. So this should probably > > say something like, "Allow people to use an email address which is not > > valid according to the RFCs if the server accepts it." > > That's fair, but that rationale is quite disconnected from how the code > works now. You happen to get that check if you have Email::Valid > installed, otherwise not. > > So if it's a use-case we care about we should make it a hard dependency. Git has traditionally tried to avoid having lots of hard dependencies on Perl modules. For example, Perl modules are a hassle with Homebrew. Most packagers prefer to enable the full suite of Perl modules, but it is a bit nicer to not make it mandatory. However, if you feel strongly, we can change that. > > I think this patch would be fine as it stands with those changes. Unlike > > Ævar, I don't think we should get rid of Email::Valid, just like I don't > > think we should get rid of the transfer encoding checks. I support > > warning people before sending invalid emails, especially since I believe > > the address in question would not be deliverable through some mail > > servers (such as mine). > > Would this be addressed by instead opening a connection to the server, > and seeing if it is willing to accept these addresess on a "RCPT TO" > line? No, because that tells you whether your smarthost will accept it. There are often multiple different parties involved in SMTP (including various filtering programs, smarthosts, and relays) and all you'll know is whether the first one of them accepts it. I have seen systems where there could well be four or five stages of processing an email before it even left the host. This is no different than with things like lines longer than 998 octets, SMTPUTF8, or various other SMTP protocol issues. The only surefire way to know that your email will be accepted by the remote system is to speak the protocol properly. If people want an option to break the protocol, that's fine, but we should try to avoid doing that by default. The benefit to using Email::Valid in most cases is it prevents lots of obvious mistakes, where the email address is clearly syntactically invalid and undeliverable, especially due to bad author and committer metadata. The Linux kernel history shows that this is not uncommon and it's useful to avoid this problem so you don't have to blow up people's inboxes with a v2 right away just because you got an invalid address on v1. (Says the guy who has had to do almost exactly this.) -- brian m. carlson (he/him or they/them) Toronto, Ontario, CA
Attachment:
signature.asc
Description: PGP signature
