Mailing List Archive

On Fri, 16 Jul 2004, Matt Sealey wrote:

> What's the practical difference between libspf and libspf2 (-alt)
> and of course libsrs and libsrs2?
>
> I can't find any FAQ anywhere that basically says why I should
> use one over the other..

It's not very frequently asked, which is odd. libspf2 and libsrs2 came
together as a combined effort a little while after libspf and libsrs were
written, and thus have all the advantages of a "second generation"
implementation.

The newer libraries are more widely available and better supported on more
platforms and MTAs. There's an issue tracking system to keep track of
current bugs, and a large team of supporting developers and packagers for
various MTAs and distributions.

There has also been considerably more testing and compliance work done on
the second generation libraries.

I would therefore recommend the use of libspf2 and libsrs2.

Hope that helps.

S.

--
Shevek http://www.anarres.org/
Robust Sender Policy Framework (SPF) http://www.libspf2.org/
SRS for the next generation http://www.libsrs2.org/

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-devel@v2.listbox.com

On Fri, Jul 16, 2004 at 12:01:19PM +0100, Matt Sealey wrote:
>
> What's the practical difference between libspf and libspf2 (-alt)
> and of course libsrs and libsrs2?
>
> I can't find any FAQ anywhere that basically says why I should
> use one over the other..

What I know is that libsrs uses openssl, whereas libsrs2 has internal encryption routine's.

Koen

--
K.F.J. Martens, Sonologic, http://www.sonologic.nl/
Networking, embedded systems, unix expertise, artificial intelligence.
Public PGP key: http://www.metro.cx/pubkey-gmc.asc
Wondering about the funny attachment your mail program
can't read? Visit http://www.openpgp.org/

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-devel@v2.listbox.com

On Fri, 2004-07-16 at 05:06, Shevek wrote:

> It's not very frequently asked, which is odd. libspf2 and libsrs2 came
> together as a combined effort a little while after libspf and libsrs were
> written, and thus have all the advantages of a "second generation"
> implementation.

Its quite frequent indeed. I have received TOO MANY such emails
personally asking me just what is going on. The only thing thats
"second generation" about libspf-alt is that its Wayne's second
attempt. I didn't need to make a second attempt with libspf because
clearly in its first iteration it has been successful.

All you two have done is confuse the hell out of everyone and this is
only detracting from the real underlying goal here.

> The newer libraries are more widely available and better supported on more
> platforms and MTAs. There's an issue tracking system to keep track of
> current bugs, and a large team of supporting developers and packagers for
> various MTAs and distributions.

The newer libraries are just that. Newer code != better code. Both
libspf and libsrs have been in the wild longer and by that they have
been subject to longer periods of testing and are thus more mature.

> There has also been considerably more testing and compliance work done on
> the second generation libraries.

I would love to know how you quantify such a statement shevek, in fact
you can't because you have no real idea just how much testing and
compliance work is being done on behalf of libspf. Making such a
statement is pure ignorance on your part.

> I would therefore recommend the use of libspf2 and libsrs2.

> Hope that helps.

Thats not very helpful at all considering your message contained nothing
of value.

Shevek and Wayne have intentionally gone about confusing the public by
their choice of domain name because they are so full of themselves that
they believe to be the proprietors of superior software. Shevek himself
believes that he is capable of delivering 1500 lines of 'production
code' per day. ANYONE who has anything to do with programming has to be
falling off their chair laughing at this time given the absurd nature of
such a statement! LOL.


Cheers,

James

--
James Couzens,
Programmer
-----------------------------------------------------------------
http://libspf.org -- ANSI C Sender Policy Framework library
http://libsrs.org -- ANSI C Sender Rewriting Scheme library
-----------------------------------------------------------------
PGP: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBD3BF855

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-devel@v2.listbox.com

On Fri, 2004-07-16 at 04:01, Matt Sealey wrote:
> What's the practical difference between libspf and libspf2 (-alt)
> and of course libsrs and libsrs2?

libspf is more mature, and has a much smaller code base. Here is an
example:

libspf:

-rw-r--r-- 1 james james 48360 Jul 17 16:26 libspf.a
-rwxr-xr-x 1 james james 56520 Jul 17 16:27 libspf-1.0.so.0.0.1

james@code3 .libs $ ldd libspf-1.0.so.0.0.1
linux-gate.so.1 => (0xffffe000)
libresolv.so.2 => /lib/libresolv.so.2 (0x40029000)
libnsl.so.1 => /lib/libnsl.so.1 (0x4003a000)
libc.so.6 => /lib/libc.so.6 (0x4004f000)
/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x80000000)

libspf2:

-rw-r--r-- 1 james james 96198 Jul 17 16:28 libspf2.a
-rwxr-xr-x 1 james james 101580 Jul 17 16:30 libspf2.so.1.0.0

james@code3 .libs $ ldd libspf2.so.1.0.0
linux-gate.so.1 => (0xffffe000)
libnsl.so.1 => /lib/libnsl.so.1 (0x40032000)
libresolv.so.2 => /lib/libresolv.so.2 (0x40047000)
libc.so.6 => /lib/libc.so.6 (0x40058000)
/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x80000000)

I dunno about you, but in my experience more code equates to more bugs.
Like most things in life, bigger is rarely better ;-)

> I can't find any FAQ anywhere that basically says why I should
> use one over the other..

I generally use software thats more mature. Quite frankly even my own
library is larger than necessary, I believe the Cristophe's SPF
implementation is the tiniest I've seen yet.

At the end of the day its pretty much up to you. Obviously I am biased
in any opinion I express. I would suggest that you try and ask
questions should any arise.

As regards libsrs, thats a long story, one you can read all about here:
http://moscow.6o4.ca/shevek.html

Hope that helps.

Cheers,

James
--
James Couzens,
Programmer
-----------------------------------------------------------------
http://libspf.org -- ANSI C Sender Policy Framework library
http://libsrs.org -- ANSI C Sender Rewriting Scheme library
-----------------------------------------------------------------
PGP: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBD3BF855

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-devel@v2.listbox.com

On Fri, 2004-07-16 at 05:22, Koen Martens wrote:

> What I know is that libsrs uses openssl, whereas libsrs2 has internal
> encryption routine's.

Which would you hold more stock in, something that cryptography experts
authored (OpenSSL) or an implementation authored by an amateur? I
should hope the prior. Cryptography should be left to the experts IMHO,
until such time as there is stability and groundwork sufficient enough
to warrant the implementation of anything else. How else are we to
deliver any confidence?

Cheers,

James

--
James Couzens,
Programmer
-----------------------------------------------------------------
http://libspf.org -- ANSI C Sender Policy Framework library
http://libsrs.org -- ANSI C Sender Rewriting Scheme library
-----------------------------------------------------------------
PGP: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBD3BF855

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-devel@v2.listbox.com

Shevek wrote:

> It's not very frequently asked, which is odd. libspf2 and libsrs2 came
> together as a combined effort a little while after libspf and libsrs were
> written, and thus have all the advantages of a "second generation"
> implementation.

Is libspf2 (as the name says) SPF version 2 ("v=spf2") and therefore should
not yet be used?

Roger

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-devel@v2.listbox.com

On Sun, Jul 18, 2004 at 01:05:08AM -0700, James Couzens wrote:
> On Fri, 2004-07-16 at 05:22, Koen Martens wrote:
>
> > What I know is that libsrs uses openssl, whereas libsrs2 has internal
> > encryption routine's.
>
> Which would you hold more stock in, something that cryptography experts
> authored (OpenSSL) or an implementation authored by an amateur? I
> should hope the prior. Cryptography should be left to the experts IMHO,
> until such time as there is stability and groundwork sufficient enough
> to warrant the implementation of anything else. How else are we to
> deliver any confidence?

Listen, i'm getting sick of this fight of you two. I never said which is
better, i just stated a fact. Let anyone decide for themselves.

As a sidenote, there is the matter of responsiveness. I've found that
shevek has been more responsive to questions/requests I had when
patching sendmail as you were. I don't know what this says about the
quality of the code, but it sure helped me.

What I really mean is, if you want my help: im happy to comply. If you
don't want my help, then please JUST SAY SO. Ignoring me is not what I
call open communication, which is what I like.

No hard feelings, just something a had to get of my chest.

Koen

--
K.F.J. Martens, Sonologic, http://www.sonologic.nl/
Networking, embedded systems, unix expertise, artificial intelligence.
Public PGP key: http://www.metro.cx/pubkey-gmc.asc
Wondering about the funny attachment your mail program
can't read? Visit http://www.openpgp.org/

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-devel@v2.listbox.com

On Sun, 2004-07-18 at 11:21 +0200, Koen Martens wrote:
> On Sun, Jul 18, 2004 at 01:05:08AM -0700, James Couzens wrote:
> > On Fri, 2004-07-16 at 05:22, Koen Martens wrote:
> >
> > > What I know is that libsrs uses openssl, whereas libsrs2 has internal
> > > encryption routine's.
> >
> > Which would you hold more stock in, something that cryptography experts
> > authored (OpenSSL) or an implementation authored by an amateur? I
> > should hope the prior. Cryptography should be left to the experts IMHO,
> > until such time as there is stability and groundwork sufficient enough
> > to warrant the implementation of anything else. How else are we to
> > deliver any confidence?
>
> Listen, i'm getting sick of this fight of you two. I never said which is
> better, i just stated a fact. Let anyone decide for themselves.
>
> As a sidenote, there is the matter of responsiveness. I've found that
> shevek has been more responsive to questions/requests I had when
> patching sendmail as you were. I don't know what this says about the
> quality of the code, but it sure helped me.
>
> What I really mean is, if you want my help: im happy to comply. If you
> don't want my help, then please JUST SAY SO. Ignoring me is not what I
> call open communication, which is what I like.
>
> No hard feelings, just something a had to get of my chest.


Interesting, i have found just the opposite to be true. I have been
working with James, et al, for sometime on some packaging and such, and
found James to be overly responsive to my requests and technical needs.
And i personally would like to thank James, Sean, Travis, and Seth
Goodman for a lot of technical pointers and advice in along my personal
and business "road map" to ASTA compliance.

Michael Weiner
Senior Systems Administrator

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-devel@v2.listbox.com

On Sun, 2004-07-18 at 02:21, Koen Martens wrote:

> Listen, i'm getting sick of this fight of you two. I never said which is
> better, i just stated a fact. Let anyone decide for themselves.

Well one can't let propaganda propagate freely through the Internet now
can they. I shall continue to assert my feelings about the deplorable
behaviour of Shevek and Co. until such time as they concede to rename
their project.

> As a sidenote, there is the matter of responsiveness. I've found that
> shevek has been more responsive to questions/requests I had when
> patching sendmail as you were. I don't know what this says about the
> quality of the code, but it sure helped me.

Well I'm not sure if you have noticed or not but all of your suggestions
have been implemented. Michael who has been working with your patches
has an operational version of libSRS running with Sendmail which will be
properly released all in good time.

That being said, silence does not always reflect a lack of action. I
see everything that passes through this list and others, rest assured it
is assimilated regardless of a response on my part or not. I can
appreciate your frustration however I shall attempt to be more vocal as
regards SRS issues in the near future.

> What I really mean is, if you want my help: im happy to comply. If you
> don't want my help, then please JUST SAY SO. Ignoring me is not what I
> call open communication, which is what I like.

Your help is most certainly appreciated. My apologies if you found my
last message sharp, that was not its intent, however I interpreted your
message to infer superiority through the absence of OpenSSL in
'libsrs-shevek'.

> No hard feelings, just something a had to get of my chest.

None taken, I hope that you are able to continue your contributions as
they are not only welcome, but genuinely appreciated.

Cheers,

James

--
James Couzens,
Programmer
-----------------------------------------------------------------
http://libspf.org -- ANSI C Sender Policy Framework library
http://libsrs.org -- ANSI C Sender Rewriting Scheme library
-----------------------------------------------------------------
PGP: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBD3BF855

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-devel@v2.listbox.com

In <1090137908.17832.62.camel@code3> James Couzens <jcouzens@6o4.ca> writes:

> On Fri, 2004-07-16 at 05:22, Koen Martens wrote:
>
>> What I know is that libsrs uses openssl, whereas libsrs2 has internal
>> encryption routine's.
>
> Which would you hold more stock in, something that cryptography experts
> authored (OpenSSL) or an implementation authored by an amateur? I
> should hope the prior. Cryptography should be left to the experts IMHO,
> until such time as there is stability and groundwork sufficient enough
> to warrant the implementation of anything else. How else are we to
> deliver any confidence?


For what it is worth, Shevek just finished up his PhD thesis in
computer security. SHA1 is not exactly the hardest algorithm to
implement, there are lots of test suites and such for it. Generally,
security lapses are much more likely to occur in how functions such
as SHA1 is used than in SHA1 itself.


-wayne

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-devel@v2.listbox.com

In <1090106409.17832.22.camel@code3> James Couzens <jcouzens@6o4.ca> writes:

> On Fri, 2004-07-16 at 05:06, Shevek wrote:
>
>> It's not very frequently asked, which is odd. libspf2 and libsrs2 came
>> together as a combined effort a little while after libspf and libsrs were
>> written, and thus have all the advantages of a "second generation"
>> implementation.
>
> Its quite frequent indeed. I have received TOO MANY such emails
> personally asking me just what is going on. The only thing thats
> "second generation" about libspf-alt is that its Wayne's second
> attempt. I didn't need to make a second attempt with libspf because
> clearly in its first iteration it has been successful.

I dunno James. You are on something like your third or forth rewrite
of your macro processing code. Your API as also changed a great deal
since your earlier versions.

Honestly James, it would have been much better if you had not
announced your initial release of your implementation on a Friday
claiming that it would be released over the weekend and then not
delivered for another two weeks. Two weeks was all it took for me to
create libspf2.

Your latest release of your implementation doesn't even have all the
features of the initial release of libspf2.


> All you two have done is confuse the hell out of everyone and this is
> only detracting from the real underlying goal here.

No, James, all you have done is caused delays and have held back the
development of SPF and SRS.

Go code and stop whining. It would be best if you would not continue
to work on your trailing implementation, but I doubt that your ego
will let you do that.



>> There has also been considerably more testing and compliance work done on
>> the second generation libraries.
>
> I would love to know how you quantify such a statement shevek, in fact
> you can't because you have no real idea just how much testing and
> compliance work is being done on behalf of libspf. Making such a
> statement is pure ignorance on your part.

No, James, it is not pure ignorance. As the person who has done more
testing on your library than anyone (at least up to around v0.24 or
so), I am quite aware of problems with your library.


It sure would be nice if you would help the entire SPF community and
be willing to work on other people's code like others have been
willing to work on yours. I have shown by my actions to be willing to
put my first implementation of SPF aside in order to help you and the
SPF community. I have continued to work on testing code for your
implementation. You have done nothing that doesn't benefit you
personally.

It was due to the problems with your code that I found through testing
that lead me to decide that the only way to get a working C
implemenation that matches the perl M:S:Q implementation was to write
my own.


Personally James, I have gotten very tired of your selfishness, huge
ego and never ending whining.


-wayne


-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-devel@v2.listbox.com

On Sun, 2004-07-18 at 05:56, wayne wrote:

> I dunno James. You are on something like your third or forth rewrite
> of your macro processing code. Your API as also changed a great deal
> since your earlier versions.

You are wrong. The MACRO code has not changed since it was released.
Bugs have merely been fixed as they have been discovered by Roger.

> Honestly James, it would have been much better if you had not
> announced your initial release of your implementation on a Friday
> claiming that it would be released over the weekend and then not
> delivered for another two weeks. Two weeks was all it took for me to
> create libspf2.

Can you code 1500 lines of production code per day also?

> Your latest release of your implementation doesn't even have all the
> features of the initial release of libspf2.

Who cares what libspf2 has. libSPF supports the features as set out by
the RFC. Any other feature creep is merely just that. Feature creep.
The only thing to the best of my knowledge thats missing is IPv6 support
which is awaiting patch integration from which I received late last
week.

> No, James, all you have done is caused delays and have held back the
> development of SPF and SRS.

No, actually you have confused people, and I've had to waste time
explaining it. Not only that, but both you and Shevek have directly
ignored a request from Meng:

[freeside(~mengwong@dumbo.pobox.com)] with the shevek crap, i'll ask him
to rename the lib because calling things whatever2 is bad for versioning
anyway

Why do you disregard such wise direction?

> Go code and stop whining. It would be best if you would not continue
> to work on your trailing implementation, but I doubt that your ego
> will let you do that.

Why I could very well say something similar to you: Rename your library
and stop confusing everyone.

> No, James, it is not pure ignorance. As the person who has done more
> testing on your library than anyone (at least up to around v0.24 or
> so), I am quite aware of problems with your library.

Please fill me in on these "problems".

> It sure would be nice if you would help the entire SPF community and
> be willing to work on other people's code like others have been
> willing to work on yours. I have shown by my actions to be willing to
> put my first implementation of SPF aside in order to help you and the
> SPF community. I have continued to work on testing code for your
> implementation. You have done nothing that doesn't benefit you
> personally.

Wayne, when you wrote SPFQuery and submitted a patch to me, and the
other patches you submitted, you had not made public to me, your
intentions to write an alternative implementation. So PLEASE explain to
me, why I would submit patches back to an implementation that I knew
nothing about?! And furthermore, once I did learn of it, why would I
submit patches to an alternative implementation when I've got my own to
worry about?

> It was due to the problems with your code that I found through testing
> that lead me to decide that the only way to get a working C
> implemenation that matches the perl M:S:Q implementation was to write
> my own.

Please detail these problems to me. To date you have done nothing more
than complain about code style.

> Personally James, I have gotten very tired of your selfishness, huge
> ego and never ending whining.

Just how am I selfish? I write a library before you do, release it, you
decide to write another one, and then you expect ME to drop everything I
am doing and join you JUST because you say so? Give me a break! Just
as you could say "You should help me" I can say the same thing to you,
only I've got a substantially stronger case since your implementation is
bloated and younger.

I'd love to know how you deem my ego to be so huge. You and Shevek are
both great at just spouting off labels and insults without qualifying
them with proof.

The complaining I have submitted this list to, or rather "whining" as
you would have it, is perfectly justified, because all of you ignore my
VALID complaints. You were warned that this would happen. I shall not
drop this issue because you and Shevek are both completely out of line,
and its rather shameful.

You want to drag this out some more?

Cheers!

James

--
James Couzens,
Programmer
-----------------------------------------------------------------
http://libspf.org -- ANSI C Sender Policy Framework library
http://libsrs.org -- ANSI C Sender Rewriting Scheme library
-----------------------------------------------------------------
PGP: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBD3BF855

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-devel@v2.listbox.com

On Sun, 2004-07-18 at 05:30, wayne wrote:

> For what it is worth, Shevek just finished up his PhD thesis in
> computer security. SHA1 is not exactly the hardest algorithm to
> implement, there are lots of test suites and such for it. Generally,
> security lapses are much more likely to occur in how functions such
> as SHA1 is used than in SHA1 itself.

Given his behaviour, its worth very little. And despite what you say,
commonly handed out wisdom re: cryptography is, "don't roll your own".
Not to discourage someone from learning of course, but as I previously
stated, given the nature of this entire operation, its seems to me its
more prudent to stick with something thats tried, tested, and true. And
more importantly, despite the speed enhancement facilitated through use
of a small independent MD5 or SHA1 implementation, its of little value
considering that the attainable signature generation achieved with
OpenSSL is more then sufficient for even the Internet's most verbose
MTA.

Cheers,

James

--
James Couzens,
Programmer
-----------------------------------------------------------------
http://libspf.org -- ANSI C Sender Policy Framework library
http://libsrs.org -- ANSI C Sender Rewriting Scheme library
-----------------------------------------------------------------
PGP: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBD3BF855

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-devel@v2.listbox.com

On Jul 18, 2004, at 4:05 AM, James Couzens wrote:
> On Fri, 2004-07-16 at 05:22, Koen Martens wrote:
>> What I know is that libsrs uses openssl, whereas libsrs2 has internal
>> encryption routine's.
>
> Which would you hold more stock in, something that cryptography experts
> authored (OpenSSL) or an implementation authored by an amateur? I
> should hope the prior. Cryptography should be left to the experts
> IMHO,
> until such time as there is stability and groundwork sufficient enough
> to warrant the implementation of anything else. How else are we to
> deliver any confidence?

First I intend to imply nothing about the quality of spf/spf2 srs/srs2.

OpenSSL has a few bugs here and there, and they are fixed rapidly by
professionals. James is completely correct that one cannot be faulted
for using OpenSSL as the crypto backend to their product. However, I
would like to emphasize that when people implement crypto, they usually
copy the routines out of RFCs, implementation examples or other
software (like OpenSSL). There are rarely mistakes made in this
copying.

However, 99% of crypto errors are _not_ in the cryptographic routines
themselves, but by improperly using those routines (poor key selection,
bad IV initialization, accidental exposure of secrets or secret
byproducts, or improper ordering of transformations). In this respect,
libsrs and libsrs2 are equally vulnerable to poor implementation. I
have reviewed neither piece of software.

If you want to deliver confidence, have the (whichever) implementation
reviewed by a security specialist that has a track record of reviewing
both theoretical and practical correctness of cryptographic use.
Regardless of whether you use OpenSSL or a private implementation of
the routines you need (or even another popular crypto library like
mcrypt) confidence is gained by review.

// Theo Schlossnagle
// Principal Engineer -- http://www.omniti.com/~jesus/
// OmniTI Computer Consulting, Inc. -- http://www.omniti.com/
// Ecelerity: fastest MTA on Earth

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-devel@v2.listbox.com

Dear Wayne and Shevek

As I have understood James, he does not mind that you made another SPF and
SRS library. What he objects is that you gave them the same names as his
libraries. It does not matter how good or how useless James' libraries are,
but you should not use his trademarks ("libspf" and "libsrs"). So please
rename your libraries, or give us a really good reason why you used the same
names.

What would you say if I renamed my SPF library to libspf3 and announced that
this is the final SPF library?

Roger

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-devel@v2.listbox.com

On Sun, 18 Jul 2004, Roger Moser wrote:

> Dear Wayne and Shevek
>
> As I have understood James, he does not mind that you made another SPF and
> SRS library. What he objects is that you gave them the same names as his
> libraries. It does not matter how good or how useless James' libraries are,
> but you should not use his trademarks ("libspf" and "libsrs"). So please
> rename your libraries, or give us a really good reason why you used the same
> names.

This isn't about the naming of the library, this is about the existence of
ANY other SPF project whatsoever, other than the one he is sitting on top
of.

There have been many discussions on this subject (which most parties have
chosen not to make public) in the course of which this has become clear.

I suggest that as long as everyone is happy with what they, personally,
are doing, why bother with this huge "propaganda" campaign? I'm attempting
to avoid posting on this subject in support of this view.

> What would you say if I renamed my SPF library to libspf3 and announced that
> this is the final SPF library?

I'm very sorry, you'd have to be libspf4 now. The pissing contest has
already entered the third generation. Quick, someone register libsrs3.org
and then we can really have fun.

I suggest you simply choose whichever works better for you, or makes you
feel warm and fuzzy inside, and relax and watch the blinkenlichten
(presumably the ones on your modem or router if this pissing contest is
going to heat up again).

S.

--
Shevek http://www.anarres.org/
Robust Sender Policy Framework (SPF) http://www.libspf2.org/
SRS for the next generation http://www.libsrs2.org/

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-devel@v2.listbox.com