Re: [Gen-art] [sieve] Gen-ART Last Call Review of draft-ietf-sieve-include-13

Barry Leiba <> Fri, 13 January 2012 15:13 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 0505C21F84CD; Fri, 13 Jan 2012 07:13:56 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -102.721
X-Spam-Status: No, score=-102.721 tagged_above=-999 required=5 tests=[AWL=0.256, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 2sXtoMO3mISn; Fri, 13 Jan 2012 07:13:55 -0800 (PST)
Received: from ( []) by (Postfix) with ESMTP id 4D5A021F845F; Fri, 13 Jan 2012 07:13:55 -0800 (PST)
Received: by yenr11 with SMTP id r11so308458yen.31 for <multiple recipients>; Fri, 13 Jan 2012 07:13:54 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=gamma; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=kCQwa5isQj/RaVT7dmuintVTJEeJRMRSWg4n9MEp+p8=; b=g7nSc5vCgJMfKRnK6V45ALKPWuSSasl9+ok6WzyDSMJdE+vRAyJhBvec/Ut5jo7yUh nxESo/NgqZF+Iz6wPJS649CjoSnDf3kNIetP2PAZG6p3djeYVIK5iFD8txzm+rCoWs7D yEtaQAnTU6tRcp8UJa8p3HH/yUzvrJmL+rH4I=
MIME-Version: 1.0
Received: by with SMTP id c23mr2020878yhk.58.1326467634850; Fri, 13 Jan 2012 07:13:54 -0800 (PST)
Received: by with HTTP; Fri, 13 Jan 2012 07:13:49 -0800 (PST)
In-Reply-To: <>
References: <> <> <> <>
Date: Fri, 13 Jan 2012 10:13:49 -0500
X-Google-Sender-Auth: VMYjuaVuR_GATWOWG6bl3jAQgYc
Message-ID: <>
From: Barry Leiba <>
To: Aaron Stone <>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
Cc: Ben Campbell <>, " Review Team" <>, Sieve mailing list <>
Subject: Re: [Gen-art] [sieve] Gen-ART Last Call Review of draft-ietf-sieve-include-13
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 13 Jan 2012 15:13:56 -0000

>>> -- section 3.1, paragraph 4: "Implementations MUST NOT generate errors for
>>> recursive inclusions at upload time, as this would force an upload ordering
>>> requirement upon script authors / generators.  However, if an active script
>>> is replaced with a faulty script and would remain the active script, an
>>> error MUST be generated and the upload MUST fail."
>>> These two statements seem contradictory on a quick reading.  In
>>> particular, how can the latter assertion avoid an upload ordering
>>> requirement? Or do you mean faulty in some way other than being recursive?
>> If you're replacing an active script, it has to be correct all the time, and
>> uploads are atomic only on a per-script basis. There's a risk that if you're
>> uploading a set of scripts that include one another, at some intermediate
>> stage while some scripts are uploaded but not others, they are in an invalid
>> state. The managesieve spec says that scripts must be validated at upload
>> time. The language above is trying to say that you can upload all of the
>> scripts that may include one another in any order without generating errors
>> immediately, however, if you're replacing an active script or a script
>> included by the active script, then you DO have to upload a correct script
>> right from the get-go.
>> Is this just a question of whether the script(s) are replacing active
>> scripts? That is, the license to create a transient invalid state is
>> suspended if if you are replacing an active script? If so, how would one go
>> about updating a set of linked scripts when one or more of them replace
>> active scripts? Should one somehow deactivate the old ones, load all the
>> scripts, then activate them?
> Having written this out, I don't recall how an implementation would
> handle this. I haven't had luck tracking down maling list discussion
> on the topic. I'll have to chase up on this.

I don't think this is a real problem; the text just needs a little
tweaking.  Errors should still be generated at upload time for any
detectable script errors OTHER THAN recursion.  What this is meant to
deal with is a situation where, say, we have this:

main includes sub-a
   sub-a includes sub-b
      sub-b includes sub-c

...and we want to rewrite things and  change the structure thus:

main includes sub-a
main includes sub-c
   sub-c includes sub-b
     [sub-b no longer includes sub-c]

This would require that we update sub-b *before* we update sub-c, or
else we'd get an error at upload time.  The text is meant to block the
recursion error, so we can update the scripts in any order.  However,
if the script gets run in the middle of the updates and we hit a
recursion situation, we WILL get a runtime error.

That's all that text is meant to do.

That said, it would be wise for implementations to provide a way to do
an atomic update of a set of scripts, because, clearly, multiple
scrips in some indeterminate intermediate upload state could do very
weird (and perhaps bad) things, even if no errors are generated during
their execution.

I think this isn't a protocol requirement, but a
quality-of-implementation issue.  But I do think the document could
have a paragraph discussing this, and warning of the consequences.

Barry, document shepherd