Re: [PATCH] git-send-email: Add --no-validate-email option

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Jun 22 2022, brian m. carlson wrote:

> [[PGP Signed Part:Undecided]]
> On 2022-06-21 at 22:12:24, Ævar Arnfjörð Bjarmason wrote:
>> 
>> On Tue, Jun 21 2022, brian m. carlson wrote:
>> 
>> > Email::Valid is in fact correct.  However, the email which you want to
>> > use doesn't conform to the RFC and isn't valid.  So this should probably
>> > say something like, "Allow people to use an email address which is not
>> > valid according to the RFCs if the server accepts it."
>> 
>> That's fair, but that rationale is quite disconnected from how the code
>> works now. You happen to get that check if you have Email::Valid
>> installed, otherwise not.
>> 
>> So if it's a use-case we care about we should make it a hard dependency.
>
> Git has traditionally tried to avoid having lots of hard dependencies on
> Perl modules.  For example, Perl modules are a hassle with Homebrew.
>
> Most packagers prefer to enable the full suite of Perl modules, but it
> is a bit nicer to not make it mandatory.  However, if you feel strongly,
> we can change that.

Not really, since I'm proposing to remove it :)

But if we wanted to have our cake & eat it too we could use the
perl/FromCPAN tree for this purpose, i.e. ship the module with git, or
copy over the relevant parts of the check.

>> > I think this patch would be fine as it stands with those changes. Unlike
>> > Ævar, I don't think we should get rid of Email::Valid, just like I don't
>> > think we should get rid of the transfer encoding checks.  I support
>> > warning people before sending invalid emails, especially since I believe
>> > the address in question would not be deliverable through some mail
>> > servers (such as mine).
>> 
>> Would this be addressed by instead opening a connection to the server,
>> and seeing if it is willing to accept these addresess on a "RCPT TO"
>> line?
>
> No, because that tells you whether your smarthost will accept it.  There
> are often multiple different parties involved in SMTP (including various
> filtering programs, smarthosts, and relays) and all you'll know is
> whether the first one of them accepts it.  I have seen systems where
> there could well be four or five stages of processing an email before
> it even left the host.

Yes, it wouldn't be a perfect solution by any means, but I understood
your upthread "servers (such as mine)" to mean your local relay.

> This is no different than with things like lines longer than 998 octets,
> SMTPUTF8, or various other SMTP protocol issues.  The only surefire way
> to know that your email will be accepted by the remote system is to
> speak the protocol properly.  If people want an option to break the
> protocol, that's fine, but we should try to avoid doing that by default.

I'm not suggesting that we avoid doing it, but that we outsource the
problem to the SMTP server which we're going to be talking to shortly
anyway.

> The benefit to using Email::Valid in most cases is it prevents lots of
> obvious mistakes, where the email address is clearly syntactically
> invalid and undeliverable, especially due to bad author and committer
> metadata.  The Linux kernel history shows that this is not uncommon and
> it's useful to avoid this problem so you don't have to blow up people's
> inboxes with a v2 right away just because you got an invalid address on
> v1.  (Says the guy who has had to do almost exactly this.)

I've done that too, but not in a way where either Email::Valid or "mail
from" would help me, i.e. I just typo'd the local part of a gmail
address or whatever, which you won't know about until you get the
bounces (or incorrect delivery).

But it really seems like you're replying to a suggestion I'm not making,
which is that we just don't do any validation at all.

I'm suggesting that we replace our own validation with that of the SMTP
server's, yes they're don't 1=1 correspond, but I think the part of the
Venn diagram of where that matters is too small to worry about.

It has the advantage of side-stepping issues with not having
Email::Valid, as well as those cases where we're being overzelous about
RFC validation, but our local SMTP is willing to try to deliver the
mail.

It's not like authors of MTAs haven't heard of that character limit, but
they're also aware that that certain parts of the spec are loosely
enforced, and that trying delivery is often better than rejecting a mail
out of RFC pedantry.




[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]

  Powered by Linux