[BlueOnyx:00090] Re: Various issues wirh BlueOnyx

Michael Stauber mstauber at blueonyx.it
Fri Jan 9 09:43:28 -05 2009 

Hi Tom,

> first of all: Many thanks to Michael and Brian for all the work.
> BlueOnyx looks very promising!

Many thanks!

> Its a pitty that sendmail is still the mta instead of postfix.

We had the same discussion about ProFTPd vs. VSFTPd. VSFTPd is certainly the 
best FTP daemon around for many reasons. I'd love to have it as default FTP 
daemon in BlueOnyx.

Same for Sendmail vs. Postfix. Postfix would be my personal first pick, too. 
But implementing it would have delayed release for another couple of weeks. 
For no "visible" gain, as to the outside it would still be "just" an MTA that 
does the same thing as before (only better, of course).

In the somewhat longer haul (give it until summer 2009) we may eventually get 
there and people can then choose which MTA or FTP daemon they want.

> IMHO an antispam-solution should be integratetet but I guess you want
> to sell extra packages and I can install Spamass-milter and clamav-
> milter ...

Indeed. Keep in mind SpamAssassin and Clam AV update like every six to eight 
weeks on the average. Providing those upgrades free of charge on a steady 
basis is not quite appealing - plus throw in that they then also need to be 
supported free of charge. So Brian and I both handle that through commercial 
add ons, but you all of course have other choices there as well.

> now some Problems:
>
> When I set "Full Name" or "Language Preference" in the Personal
> Profile, and then return both are set to default.

Hmm ... OK. Now that's a nice bug. Will get at it right away.

> In "Software Updates"
> Warning: file_get_contents(/tmp/yum.check-update) [function.file-get-
> contents]: failed to open stream: Permission denied in /usr/sausalito/
> ui/web/base/swupdate/yum.php

Meh. I though I had fixed that already. Do a "rm /tmp/yum.check-update" for 
now to get rid of that. I'll give that code another touch up.

> MySQL ist passworded.
> I created a virual site with a user; I logged in as that user and
> created a MySQL-DB (with mysql disabled for that site).
> After that i created a second site with one user, logged in as that
> user and deleted the MySQL-DB from the first user?¿?¿

Huh? I'm not sure if I understood that correctly, Tom. That user shouldn't 
have permissions to delete another users MySQL database. Unless you gave that 
permission to the user to begin with, which wouldn't be that smart. I will 
look into this, of course.

> And mod-php instead of fcgid and suexec for php

Performance reasons. fcgi or suexec is abysmally slower than mod_php. Like 
factor 6-8x slower. So personally I consider that kind of performance hit a 
no-go area.

Sure, fcgi or suexec alone already make PHP quite a chunk more secure than 
mod_php, but on the other hand: The PHP security features that we added 
should also take care of things very nicely.

> thats all... until now :-)

Keep it comming. :o)

-- 
With best regards

Michael Stauber

More information about the Blueonyx mailing list