On Tue, 12 Apr 2022 00:55:22 -0700 Daniel Kahn Gillmor <d...@debian.org> wrote:
For example, I'm preparing the sasl-xoauth2 module for debian (see https://bugs.debian.org/1006888) and the upstream developer for that package (Tarick Bedeir, in Cc here) has some hooks in his upstream .deb packaging (that targets ubuntu), which trying to copy /etc/ssl/certs/ca-certificates.crt into the chroot whenever ca-certificates is updated:
Please. Stop. Doing. This. Nonsense. Just use proxy:ldap: map in postfix, or un-chroot the service in question. Copying stuff into postfix chroot has been a bad practice for years. This is an endless headache, you wont win, and this is absolutely unnecessary. Just use the tools especially designed for this. /mjt
